Subj : GitLab has been exploited to launch a novel proxyjacking attack
To   : All
From : TechnologyDaily
Date : Fri Aug 18 2023 14:30:03

GitLab has been exploited to launch a novel proxyjacking attack

Date:
Fri, 18 Aug 2023 13:10:56 +0000

Description:
Hackers are selling victim's excess bandwidth for cash and installing 
cryptominers on computers.

FULL STORY
======================================================================

There is an ongoing hacking campaign targeting GitLab servers vulnerable to a 
known flaw, researchers are saying. The goal of the campaign is proxyjacking 
and crypojacking. 

Earlier this week, cybersecurity researchers from Sysdig published a report, 
detailing a novel threat actor they named LABRAT. This group has gone above 
and beyond to stay hidden, deploying cross-platform malware, kernel rootkits, 
and numerous obfuscation techniques, as well as abusing legitimate cloud 
services as much as possible. 

The report reads: This operation was much more sophisticated than many of the 
attacks the Sysdig TRT typically observes... the stealthy and evasive 
techniques and tools used in this operation make defense and detection more 
challenging. Sophisticated campaign 

To successfully compromise endpoints , the attackers are abusing 
CVE-2021-22205. This is a two year-old improper validation vulnerability that 
has a severity score of 10.0. 

It was found in three separate versions of GitLab - 13.8.8, 13.9.6, and 
13.10.3, but a patch has been available since April 2021. The campaign once 
again underlines the importance of frequent patching and keeping both 
software and hardware up to date. Read more 

 > These are the best malware removal tools around 


 > Over a thousand Redis servers hijacked to mine crypto 


 > Microsoft Exchange ProxyShell is being exploited to mine crypto once again 

When the attackers find a vulnerable endpoint and establish persistence, they 
will go for either proxyjacking, or cryptojacking. The former is the practice 
of renting out unused victim bandwidth to a proxy network and earning money 
in the process. 

The latter, on the other hand, refers to installing cryptocurrency miners on 
vulnerable devices, without the owners knowledge or consent. 

Cryptojackers, while popular among the cybercriminal community, are 
relatively easy to spot. As mining crypto requires heavy computing power, the 
computer cant work on anything else while its active; it will be sluggish and 
close to unresponsive. Furthermore, victims can expect a highly inflated 
electricity bill. 

There is no word yet on how successful the campaign really is. Check out the 
best DevOps tools around



======================================================================
Link to news story:
https://www.techradar.com/pro/security/gitlab-has-been-exploited-to-launch-a-n
ovel-proxyjacking-attack


--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)

.