Skip to Content

Discontinued Boa Web Server Used in Cyberattacks

Updated on 2022-11-22: Discontinued Boa Web Server Used in Cyberattacks

Although Boa web server was discontinued in 2005, it is still being used by vendors in Internet of Things (IoT) devices and software development kits (SDKs). Organizations may be unaware that devices on their networks run services that use Boa. Researchers from Recorded Future published a report in April describing cyberattacks that leveraged Boa vulnerabilities. In a recent blog post, Microsoft Security Threat Intelligence “detail[s] the risks affiliated with vulnerable components, highlighting the Boa web server, and how [they] suspect these components could be exploited to target critical industries.”


  • The Recorded Future report details internet facing DVRs/IP Cameras co-opted as C2 control points. There is no such thing as leaving something exposed because it’s “unlikely” to be compromised. Remember IoT is about availability and functionality first. Put access controls in front of services, and if they can’t support MFA, make sure that the protecting control does. Yes, it’s a nuisance to add layers like these but reusable credentials don’t cut it, nor do you want to be outed as an attack enabler.


Overview: Boa server vulnerability

Earlier this year, Recorded Future said that a Chinese APT leveraged a vulnerability in an IoT device to gain access to an Indian electrical grid operator. In a report this week, Microsoft said identified the entry point for that attack as Boa, a tiny web server component discontinued in 2005 but still widely used across the IoT and ICS space. Read more:

    Ads Blocker Image Powered by Code Help Pro

    It looks like you are using an adblocker.

    Ads keep our content free. Please consider supporting us by allowing ads on