Wednesday, April 30, 2025
Copyright 2021 - All Right Reserved
Home News ESET Discovers Linux Threat Attacking Supercomputers Called Kobalos
News

ESET Discovers Linux Threat Attacking Supercomputers Called Kobalos

by Khaleej Express
written by Khaleej Express 0 comment

ESET researchers discovered Kobalos, a malware that has been attacking supercomputers – high-performance computer (HPC) clusters. ESET has worked with the CERN Computer Security Team and other organizations involved in mitigating attacks on these scientific research networks. Among other targets was a large Asian ISP, a North American endpoint security vendor as well as several privately held servers.

ESET researchers have reverse engineered this small, yet complex malware that is portable to many operating systems including Linux, BSD, Solaris, and possibly AIX and Windows. “We have named this malware Kobalos for its tiny code size and many tricks; in Greek mythology, a kobalos is a small, mischievous creature,” explains Marc-Etienne Léveillé, who investigated Kobalos. “It has to be said that this level of sophistication is only rarely seen in Linux malware,” adds Léveillé.

Kobalos is a backdoor containing broad commands that don’t reveal the intent of the attackers. “In short, Kobalos grants remote access to the file system, provides the ability to spawn terminal sessions, and allows proxying connections to other Kobalos-infected servers,” says Léveillé.

Any server compromised by Kobalos can be turned into a Command & Control (C&C) server by the operators sending a single command. As the C&C server IP addresses and ports are hardcoded into the executable, the operators can then generate new Kobalos samples that use this new C&C server. In addition, in most systems compromised by Kobalos, the client for secure communication (SSH) is compromised to steal credentials.

banner

“Anyone using the SSH client of a compromised machine will have their credentials captured. Those credentials can then be used by the attackers to install Kobalos on the newly discovered server later,” adds Léveillé. Setting up two-factor authentication for connecting to SSH servers will mitigate the threat, since the use of stolen credentials seems to be one of the ways it is able to propagate to different systems.

TagsESET Kobalos Linux supercomputers Edit Post

You Might Also Like

You may also like

Sourcetable Raises $4.3M for AI-Powered ‘Self-Driving Spreadsheet’

Foxconn Chairman Young Liu to Deliver Keynote at COMPUTEX 2025

GlobalData Finds Companies Across Sectors Posting Jobs Around Vertex AI

UiPath Launches Test Cloud

The National Program for Coders Announces the 2025 winners of InnovAIte

MediaTek CEO Rick Tsai to Deliver Keynote at COMPUTEX 2025

Leave a Comment

Save my name, email, and website in this browser for the next time I comment.

Soledad is the Best Newspaper and Magazine WordPress Theme with tons of options and demos ready to import. This theme is perfect for blogs and excellent for online stores, news, magazine or review sites.

Buy Soledad now!

Facebook Twitter Youtube Linkedin Envelope Rss

Useful Links

Edtior's Picks

Sourcetable Raises $4.3M for AI-Powered ‘Self-Driving Spreadsheet’
Foxconn Chairman Young Liu to Deliver Keynote at COMPUTEX 2025
The National Program for Coders Announces the 2025 winners of InnovAIte

Latest Articles

Sourcetable Raises $4.3M for AI-Powered ‘Self-Driving Spreadsheet’
Foxconn Chairman Young Liu to Deliver Keynote at COMPUTEX 2025
The National Program for Coders Announces the 2025 winners of InnovAIte
UiPath Launches Test Cloud

u00a92022u00a0Soledad.u00a0All Right Reserved. Designed and Developed byu00a0Penci Design.

@2021 - All Right Reserved. Designed and Developed by PenciDesign