GitLab, a widely used open source platform designed to facilitate software development, security, and operation, recently fell victim to a cyberattack orchestrated by hackers who exploited a vulnerability within its infrastructure. This breach allowed them to execute proxyjacking and cryptojacking activities, leveraging the platform’s resources for their own gains.
Proxyjacking constitutes a form of online criminal activity aimed not only at siphoning processing power but also appropriating untapped bandwidth using specialized tools. Conversely, Cryptojacking involves cybercriminals deploying crypto mining software without obtaining the owner’s consent, subsequently harnessing the compromised resources to mine cryptocurrencies like Bitcoin.
According to a report issued by cybersecurity researchers at Sysdig, the attack was orchestrated by a threat actor identified as LABRAT. This actor possesses the capability to maintain a covert presence, distribute malware, exploit kernel rootkits, and predominantly targets cloud service providers.
GitLab has released an official statement confirming that the vulnerabilities labeled as 13.8.8, 13.9.6, and 13.10.3 were effectively addressed and patched in April 2021. However, individuals who failed to apply these patches have now become targets for the LABRAT threat.
It’s noteworthy that GitLab operates as a freemium service provider, offering a blend of free and premium services. Additionally, the company embraces a remote work culture, with all its employees operating from their respective homes. By 2020, the company had amassed a diverse workforce of over 1,300 professionals hailing from more than 65 countries. This global team is currently serving an impressive user base of 1 million active licensed users among the 30 million registered users. GitLab, founded in 2014 by Ukrainian entrepreneur Dmitri Zaporozhets, has significantly contributed to the open source community by providing a collaborative platform for developers to streamline code deployment.
A notable ethical hacker from Russia, who maintains an active presence on Telegram, speculated that this attack might be attributed to a pro-Russian cybercriminal group.
