After analyzing attacks against several large supercomputers in Asia and America, ESET security researchers warn of a new type of malware directed especially against supercomputers.
The new malware has been called “Kobalos,” and that was no accident. Kobalos was the name of a creature from Greek mythology, a kind of goblin, famous for causing great problems to mortals despite how small it was.
This small software, which is capable of doing much more than the scarce storage space it occupies, may appear. In fact, it is so complex that it is capable of affecting not just one but three different operating systems — Linux, BSD, and Solaris. But in addition, researchers suspect that it might be possible to make it affect Windows systems.
“It’s rare to see this level of sophistication in Linux malware,” say the researchers, who became suspicious of an attack targeting supercomputers while working with CERN’s security team.
Kobalos is what is known as a “backdoor”, and therefore allows an attacker to enter the infected computer to install more malware or to steal data.
Usually, Kobalos does nothing on the system. It just installs itself in an executable and waits for a connection to a specific TCP port. Only when the attacker makes the connection, Kobalos is able to give him access rights to remote file systems and allows him to open terminals with which to control the system.
This attack is especially dangerous because only one command is necessary to turn any infected server into a C2 (command and control) server, from which a larger-scale attack can be directed. To do this, Kobalos can also connect infected computers to each other.
The worrying thing is, researchers still do not know what the intentions of the creators of this malware were — for example, if the goal was to steal data, use supercomputers for some purpose, or simply hijack it.