"New LABRAT Campaign Exploits GitLab Flaw for Cryptojacking and Proxyjacking Activities"
A new, financially motivated operation named LABRAT has been exploiting a now-patched critical vulnerability in GitLab to conduct cryptojacking and proxyjacking. According to Sysdig, the attacker used undetected signature-based tools, sophisticated cross-platform malware, command-and-control (C2) tools that bypass firewalls, and kernel-based rootkits to hide their presence. In addition, the attacker used TryCloudflare to cover their C2 network. Proxyjacking enables the attacker to rent out the compromised host to a proxy network, monetizing the unused bandwidth. In contrast, cryptojacking refers to abusing system resources for cryptocurrency mining. A notable aspect of the campaign is the use of compiled binaries written in Go and .NET to avoid detection, with LABRAT also providing backdoor access to infected systems. This may pave the way for a follow-on attack, data theft, or ransomware. This article continues to discuss the LABRAT campaign.
THN reports "New LABRAT Campaign Exploits GitLab Flaw for Cryptojacking and Proxyjacking Activities"