Article 5DP8P High-Performance Computers are Under Siege by a Newly Discovered Backdoor

by chromas from SoylentNews on (#5DP8P)

martyb writes:

High-performance computers are under siege by a newly discovered backdoor:

Kobalos, as researchers from security firm Eset have named the malware, is a backdoor that runs on Linux, FreeBSD, and Solaris, and code artifacts suggest it may have once run on AIX and the ancient Windows 3.11 and Windows 95 platforms. The backdoor was released into the wild no later than 2019, and the group behind it was active throughout last year.

[...] While the Kobalos design is complex, its functionalities are limited and almost entirely related to covert backdoor access. Once fully deployed, the malware gives access to the file system of the compromised system and enables access to a remote terminal that gives the attackers the ability to run arbitrary commands.

In one mode, the malware acts as a passive implant that opens a TCP port on an infected machine and waits for an incoming connection from an attacker. A separate mode allows the malware to convert servers into command-and-control servers that other Kobalis-infected[sic] devices connect to.

[...] Those infected with the malware include a university, an end-point security company, government agencies, and a large ISP, among others. One high-performance computer compromised had no less than 512 gigabytes of RAM and almost a petabyte of storage.

Eset said the number of victims was measured in the tens. The number comes from an Internet-scan that measures behavior that occurs when a connection is established with a compromised host from a specific source port.

[...] "The intent of the authors of this malware is still unknown," they wrote. "We have not found any clues to indicate whether they steal confidential information, pursue monetary gain, or are after something else."

Also at: SecurityWeek and ThreatPost.
