Kobalos

Kobalos is a multi-platform backdoor targeting Linux, FreeBSD, Solaris, AIX and Windows. Kobalos targets high-profile servers in academia, including high-performance computers (HPCs), endpoint security vendors, and large ISPs in Europe, North America, and Asia.

The Kobalos backdoor is designed to steal SSH private keys and propagate through SSH remote services. Since academic networks are highly interconnected through SSH, this may explain how numerous networks were compromised.[1]

Techniques Used

Domain: Enterprise
ID: VT0017.004
Name: Unsecured Credentials: Private Keys
Use: The backdoor sought cryptographic keys and also replaced the legitimate OpenSSH client with a trojanized client that captures any SSH credentials, keys and target hostname, writing them to an encrypted file.[1]
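A defender-side check for the trojanized-client behaviour described above, added here as an example that is not part of this entry or of any published Kobalos tooling. It assumes sha256sum is available, that a baseline of known-good hashes was recorded from a trusted package before any compromise in the "<sha256>  <path>" format sha256sum emits, and that dpkg or rpm are present only on Debian- or RPM-based hosts respectively.

```shell
#!/bin/sh
# Added example: verify that the OpenSSH client binary on a host still matches
# a known-good SHA-256 baseline, since Kobalos replaces the legitimate client
# with one that records credentials, keys and target hostnames.

# check_binary <path> <baseline-file>
# Returns 0 when the file's current hash matches its baseline entry,
# 1 when it differs (possible trojanized client), 2 when no baseline exists.
check_binary() {
    path=$1
    baseline=$2
    # Baseline lines look like "<sha256>  <path>"; awk splits on whitespace.
    expected=$(awk -v p="$path" '$2 == p { print $1; exit }' "$baseline")
    if [ -z "$expected" ]; then
        echo "NO BASELINE: $path"
        return 2
    fi
    actual=$(sha256sum "$path" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $path"
        return 0
    fi
    echo "MISMATCH: $path (expected $expected, got $actual)"
    return 1
}

# Where a package manager is present, also let it verify the installed client
# package against its own recorded file hashes (package names assumed for
# Debian- and RPM-based systems).
verify_ssh_package() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg -V openssh-client
    elif command -v rpm >/dev/null 2>&1; then
        rpm -V openssh-clients
    else
        echo "no dpkg/rpm available; rely on the hash baseline" >&2
        return 3
    fi
}
```

A baseline hash check only detects replacement of the binary on disk; pair it with package verification and with monitoring for unexpected writes by the ssh client.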

References

Attachments

ID: VS0012
Type: MALWARE

Created: 06 May 2021

Last Modified: 06 May 2021