GitLab Has Reportedly Been Exploited By Threat Actors

GitLab has reportedly been exploited by threat actors to launch a novel proxyjacking attack. The hackers are reportedly selling the excess bandwidth of affected victims for cash.

GitLab Exploited By Threat Actors

Researchers say an ongoing hacking campaign is targeting GitLab servers that are vulnerable to a known flaw. The goal of the campaign is proxyjacking as well as cryptojacking.

Earlier this week, cybersecurity researchers from Sysdig published a report detailing a novel threat actor they dubbed LABRAT. The group goes to great lengths to stay hidden, deploying cross-platform malware, kernel rootkits and several obfuscation techniques, and abusing legitimate cloud services wherever possible.

Report from the Cybersecurity Team on the Discovery

The Sysdig report reads: “This operation was much more sophisticated than many of the attacks the Sysdig TRT typically observes… the stealthy and evasive techniques and tools used in this operation make defense and detection more challenging.”

To compromise endpoints, the threat actors are reportedly abusing CVE-2021-22205, a two-year-old improper validation vulnerability that carries a severity score of 10.0.

The Flaw Was Found In Three Separate Versions of GitLab

The flaw was reportedly found in three separate versions of GitLab, 13.8.8, 13.9.6 and 13.10.3, and a patch has been available since April 2021. The campaign once again underlines the importance of frequent patching and of keeping both software and hardware up to date.
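As an added example (not code from the article or from Sysdig), the following Python triage helper checks a self-hosted GitLab inventory against the three releases the article names for CVE-2021-22205. It assumes, as GitLab's April 2021 advisory states, that 13.8.8, 13.9.6 and 13.10.3 are the first patched releases on their branches; hostnames and version strings are constructed sample data.

```python
"""Branch-aware check of GitLab versions against the CVE-2021-22205
fix releases named in the article. Example code, not GitLab's own."""
import re

# Assumption for this example: first patched release on each branch
# maintained at the time of the April 2021 fix.
FIXED_RELEASES = {(13, 8): (13, 8, 8), (13, 9): (13, 9, 6), (13, 10): (13, 10, 3)}
LATEST_FIXED_BRANCH = (13, 10)


def parse_version(text):
    """Extract major.minor.patch from strings such as '13.9.5-ee' or
    'GitLab Community Edition 13.10.3'. Returns None if none is found."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        return None
    return tuple(int(x) for x in m.groups())


def is_patched(text):
    """True when the version is at or beyond the fix for its branch.
    Branches older than 13.8 never received the fix; anything after
    13.10 shipped with it. Unparseable input counts as unpatched so it
    is surfaced for manual review rather than silently ignored."""
    v = parse_version(text)
    if v is None:
        return False
    branch = v[:2]
    if branch in FIXED_RELEASES:
        return v >= FIXED_RELEASES[branch]
    return branch > LATEST_FIXED_BRANCH


def triage(inventory):
    """Given hostname -> version string, return hosts still needing the patch."""
    return sorted(h for h, ver in inventory.items() if not is_patched(ver))


# Constructed sample inventory; these are not real hosts.
SAMPLE_INVENTORY = {
    "git-a.example": "13.9.5-ee",
    "git-b.example": "GitLab Community Edition 13.10.3",
    "git-c.example": "13.7.9",
    "git-d.example": "14.0.0-ce",
    "git-e.example": "unknown",
}

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: {SAMPLE_INVENTORY[host]} -> needs CVE-2021-22205 fix")
```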

How the Threat Actors Acted

Once the attackers find a vulnerable endpoint and establish persistence, they go for either proxyjacking or cryptojacking. The former is the practice of renting out a victim's unused bandwidth to a proxy network and earning money in the process.

The latter refers to installing cryptocurrency miners on vulnerable devices without the owner's knowledge or consent.

Cryptojackers, while popular among cybercriminals, are relatively easy to spot. Because mining requires heavy computing power, the computer cannot work on anything else while the miner is active: the device becomes sluggish and close to unresponsive. Victims can also expect a highly inflated electricity bill.

How Successful Has the Campaign Been?

There is, however, no word yet on just how successful the campaign really is.
