ESET researchers announced the discovery of malware that attacks supercomputers. The malware got its name from Kobalos, after the character of ancient Greek mythology, Kobalos, a mischievous spirit who loves to deceive and scare people. A major Internet provider in Asia and an American provider of security solutions have already become victims of malware.
According to ESET, the Kobalos code base is very small, but complex enough to attack Linux, BSD and Solaris, and can easily be suitable for attacks on AIX and Microsoft Windows.
Together with the security team of the European Organization for Nuclear Research (CERN), ESET researchers determined that this malware attacks computing clusters (HPC). In some cases, he intercepted the server’s SSH connection to steal the credentials used by attackers to gain access to the HPC and deploy Kobalos.
Kobalos, according to the researchers, is essentially a backdoor. Once installed on a supercomputer, it is embedded in the OpenSSH server’s executable file (sshd) and starts backdoor functionality if a call is made through a specific TCP port. There are other variants of Kobalos that are not incorporated into sshd. These options connect to the C&C server, acting as intermediaries, or wait for an incoming connection on a given TCP port.
Kobalos provides its operators with remote access to file systems, allows terminal sessions to be started and also acts as a connection point for other servers infected with malware.
A unique feature of Kobalos is its ability to transform any compromised server into a C&C server with just one command. As the C&C server’s IP addresses and ports are encoded in the executable, malware operators can generate new samples of Kobalos using this new C&C server.
The objectives pursued by the malware operators have not yet been determined.
With international agencies
See the original post at: https://www.cisoadvisor.com.br/malware-feito-para-supercomputadores-hpc-ataca-na-asia-e-eua/?rand=59039
