Kobalos: A new threat attacking supercomputers

Kobalos’ new malicious code attacks supercomputers – high performance computer clusters (HPC). It was discovered by researchers from the Slovak security company ESET.

Several large companies have already fallen victim to this malicious code. For example, an Asian ISP, a North American security software maker, and several private servers. The real intention of the attackers has not yet been revealed, and it is not yet known how this malicious code spreads.

This complex malware is portable to many operating systems, including Linux, BSD and Solaris. It could run on AIX and even Windows.

“We named this malware Kobalos because of its small code size and the amount of its tricks. In Greek mythology, kobalos is a small and malicious creature. “ explains Marc-Etienne Léveillé, an ESET researcher who investigated the malicious Kobalos code. “It should be emphasized that this level of sophistication is rare in Linux malware.” says Léveillé.

A server that has been compromised by Kobalos can be changed to a command and control server by a remote command from a code operator. Operators can generate new samples of Kobalos, which then connect to other new C&C servers from other infected devices and listen to its commands.

“Anyone who uses an SSH client on the compromised device will have their credentials intercepted. This data can then be used by attackers to later install Kobalos on a newly discovered server. ” adds Léveillé.

Adding multifactor authentication to the SSH server connection can mitigate the threat. It seems that the use of stolen access data is one of the ways Kobalos spreads to various systems.