Kobalos ... malicious software targeting supercomputers

The ESET cybersecurity team has identified a small, sophisticated piece of malware, Kobalos, that targets supercomputers around the world.

The malware targets major Asian Internet service providers, US endpoint security vendors, and the supercomputers used by many private servers.

There are many reasons why Kobalos is different: the malware is small, yet complex enough to affect Linux, BSD, and Solaris operating systems.

Network security company ESET suspects that it may also be compatible with attacks on IBM AIX and Windows devices.

Network security researcher Marc-Etienne Levier said, “It must be said that this complication is rare in Linux malware.”

While working with CERN's IT security team, ESET discovered that this unique, cross-platform malware targets high-performance computing (HPC) groups.

In some cases, the malware appears to hijack an SSH server connection to steal data that is then used to gain access to the HPC suite and deploy Kobalos.

Basically, Kobalos is a backdoor: after getting onto the supercomputer, the code hides in the OpenSSH server executable.

When a connection is made from a particular TCP source port, the backdoor is triggered, while other variants act as an intermediary for traditional C2 communication.

Kobalos lets operators remotely access the file system and create terminal sessions, and it also acts as an access point for other servers infected with the malware.

According to ESET, one of the unique features of Kobalos is the ability to convert any infected server into a C2 server with a single command.

The malware is challenging to analyze because all of its code is held in a single function that is called repeatedly to perform subtasks, and all strings are encrypted, which is another obstacle to reverse engineering.

ESET said: “We could not determine the intention of the Kobalos operator, and the system administrator of the affected device did not find any malware other than the tools for stealing SSH identification information.”
