A recently fixed serious vulnerability in GitLab has been weaponized as part of a cryptojacking and proxyjacking campaign by a new, profit-driven operation known as LABRAT.
According to a study from Sysdig shared with The Hacker News, “the attacker used undetected signature-based tools, sophisticated and stealthy cross-platform malware, command-and-control (C2) tools that bypassed firewalls, and kernel-based rootkits to hide their presence.”
Additionally, the attacker used TryCloudflare, a legitimate service, to conceal their C2 network.
Proxyjacking lets the attacker rent out the hijacked server to a proxy network and make money off its unused bandwidth. Cryptojacking, on the other hand, describes the misuse of system resources to mine bitcoin.