Skip to content

GitLab vulnerability leads to Proxyjacking malware Campaign

is a widely used open source platform designed for software development, security, and operation. Recently, GitLab fell victim to a cyberattack carried out by hackers who exploited a vulnerability in its infrastructure. This breach allowed the hackers to engage in proxyjacking and cryptojacking activities, using GitLab’s resources for their own gains.

Proxyjacking is a form of online criminal activity where hackers siphon processing power and appropriate untapped bandwidth for their own use. On the other hand, cryptojacking involves cybercriminals deploying crypto mining software without the owner’s consent, using compromised resources to mine cryptocurrencies like Bitcoin.

The cyberattack on GitLab was orchestrated by a threat actor known as LABRAT, who specializes in maintaining a covert presence, distributing malware, exploiting kernel rootkits, and primarily targeting cloud service providers. GitLab has confirmed that vulnerabilities labeled as 13.8.8, 13.9.6, and 13.10.3 were patched in April 2021. However, those who failed to apply these patches have become targets for the LABRAT threat.

GitLab operates as a freemium service provider, offering both free and premium services. The company embraces a remote work culture, with all employees working from home. With a diverse workforce of over 1,300 professionals from 65 countries, GitLab serves 1 million active licensed users among its 30 million registered users. Founded in 2014 by Dmitri Zaporozhets, GitLab has contributed significantly to the open source community by providing a collaborative platform for developers to streamline code deployment.

There is speculation that this cyberattack may be attributed to a pro-Russian cybercriminal group, according to a notable ethical hacker from Russia who maintains an active presence on Telegram.

Key Points:
1. GitLab, a popular open source platform, was recently attacked by hackers who exploited a vulnerability in its infrastructure.
2. The hackers engaged in proxyjacking and cryptojacking activities, using GitLab’s resources for their own gains.
3. The cyberattack was orchestrated by a threat actor known as LABRAT, who primarily targets cloud service providers.
4. GitLab has patched the vulnerabilities, but those who failed to update are at risk.
5. GitLab operates as a freemium service provider and has a diverse global workforce.
6. The cyberattack may be attributed to a pro-Russian cybercriminal group.

Leave a Reply

Your email address will not be published. Required fields are marked *