Software development platforms such as GitLab sit at the centre of team collaboration, and a recent campaign targeting them shows how much damage a known, already-patched vulnerability can still do when instances are left unupdated.
Cyber attackers keep coming up with unusual and sophisticated strategies to penetrate systems and steal private data. In this blog, we shed light on a cyber attack that took advantage of a vulnerability in unpatched GitLab instances.
This blog highlights the hazards associated with cryptojacking and proxyjacking attacks, which should be an alarm for businesses and their data security. Let’s examine the main points of what happened, why it worked, and what businesses need to do to stay cyber-secure.
Origin of the GitLab Security Flaw
GitLab is a popular platform for DevOps teams. The operation known as LABRAT recently exploited a GitLab vulnerability that had long been patched, meaning the victims were running instances that had never been updated. LABRAT displays a level of sophistication that is uncommon in typical cyber-attacks: the attackers used previously unseen, custom-built binaries compiled in languages like Go and .NET, for which no detection signatures existed, in order to hide their activity.
Reasons behind the GitLab Security Flaw
The attackers planned their approach around evasion. They employed sophisticated cross-platform malware, evasive command-and-control (C2) tooling, and binaries that signature-based detection does not recognise. Additionally, they concealed their C2 infrastructure behind a reputable service, TryCloudflare (Cloudflare’s free tunnel service), so that the traffic was hard to distinguish from legitimate use and the infrastructure hard to attribute. Even kernel-based rootkits were part of the attacker’s arsenal, hiding the malicious processes from the host.
This operation had financial motives and used the vulnerability to launch a dual attack: cryptojacking and proxyjacking. The attackers secretly rented out the victims’ unused bandwidth by turning compromised hosts into proxies, and used the victims’ CPU to mine cryptocurrency.
The campaign exploited a flaw known as CVE-2021-22205, which had previously been used for cryptocurrency mining. After the initial breach succeeded, a dropper shell script was retrieved from a C2 server. This script deployed further binaries from a private GitLab repository, set up persistence, and enabled lateral movement.
The attackers engaged in cryptojacking, mining cryptocurrency across several compromised networks. LABRAT compiled the mining configuration into its xmrig binaries instead of passing it on the command line, which makes the activity harder to uncover (xmrig is a Monero miner, so the coin mined here was not bitcoin). Additionally, they made use of proxyjacking, earning money by selling their targets’ internet bandwidth to others.
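Patch status is the first thing to check when a campaign like this is in the news. The block below is an added example, not part of the original post and not GitLab’s own tooling: it decides whether a GitLab CE/EE version string falls in the range affected by CVE-2021-22205 (all releases from 11.9 up to the fixed releases 13.8.8, 13.9.6 and 13.10.3, as stated in GitLab’s advisory). It assumes you already have the version string, for example from the authenticated `GET /api/v4/version` API call or from `gitlab-rake gitlab:env:info`; the comparison itself runs offline.

```python
import re

# Per GitLab's advisory for CVE-2021-22205: affected from 11.9 onward,
# fixed in 13.8.8, 13.9.6 and 13.10.3 (and everything newer).
FIRST_AFFECTED = (11, 9, 0)
FIXED_RELEASES = [(13, 8, 8), (13, 9, 6), (13, 10, 3)]


def parse_version(text: str) -> tuple[int, int, int]:
    """Turn '13.10.2-ee' or 'v13.8' into a comparable (major, minor, patch) tuple."""
    m = re.match(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"not a GitLab version string: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def is_vulnerable_to_cve_2021_22205(version: str) -> bool:
    v = parse_version(version)
    if v < FIRST_AFFECTED:
        return False                     # predates the ExifTool code path
    if v >= FIXED_RELEASES[-1]:
        return False                     # 13.10.3 or anything newer is patched
    for fixed in FIXED_RELEASES:
        if v[:2] == fixed[:2]:           # on a branch that received a backport
            return v < fixed
    return True                          # 11.9 .. 13.7: no fix on those branches


def triage(versions: list[str]) -> dict[str, bool]:
    """Map each version string to True if it still needs the CVE-2021-22205 fix."""
    return {ver: is_vulnerable_to_cve_2021_22205(ver) for ver in versions}


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for ver, vuln in triage(["13.10.2-ee", "13.8.8", "13.9.4", "12.7.0", "16.3.0-ee", "11.8.9"]).items():
        print(f"{ver:>12}: {'VULNERABLE' if vuln else 'ok'}")
```

Because exploitation requires no authentication, treat any instance in the affected range as compromised until proven otherwise, not merely as pending a patch.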
The Attacker’s Target: Monetary Gains and Beyond
The main goal of the LABRAT operation was to make money using two methods: cryptojacking and proxyjacking. To put it simply, for proxyjacking the attackers either sold the compromised hosts’ IP addresses to proxyware services or rented out the compromised systems as a proxy network. Although this consumes the victim’s bandwidth and can damage its reputation (the victim’s IP address appears as the source of whatever traffic passes through the proxy), it gives the attackers a steady profit.
Cryptojacking, on the other hand, uses the victim’s computing power to mine cryptocurrency. If not stopped in time, this means inflated cloud bills and degraded performance, and can lead to significant financial losses for organizations. There is also the possibility that the attackers had more harmful intentions: with the access they gained, they could just as easily have stolen data, moved deeper into the environment, or deployed ransomware.
Secure your Business from Potential Cyber Risks
Kratikal, a CERT-In empanelled auditor, works with organizations to provide VAPT assessments and compliance services that safeguard them from vulnerabilities in the platforms they run.
Book a Free Consultation with our Cyber Security Experts
Businesses can greatly strengthen their digital defenses with Kratikal’s cybersecurity expertise. Our comprehensive services help prevent cryptojacking and proxyjacking attacks:
- Patch Management and Vulnerability Assessment: Regular assessments find weaknesses such as the unpatched GitLab instances LABRAT targeted. Applying fixes quickly closes these gaps before attackers can take advantage of them.
- Implementing Strong Intrusion Detection Systems: An IDS helps identify unauthorized activity and potential breaches early, before data is exposed, leaving attackers less time to take control of the network.
- Analysis of Network Traffic: Close monitoring of network traffic quickly reveals suspicious patterns and unauthorized connections, such as outbound traffic to mining pools or to tunnel services abused for C2. This stops attackers from sliding through security gaps unnoticed.
- Threat Modelling and Threat Intelligence: Real-time threat intelligence gives significant insight into emerging cyber risks and attacker tactics, and threat modelling shows where those tactics would hurt most. With the expertise of CERT-In empanelled auditors, businesses can proactively defend against changing cyber incidents.
- Employee Training and Awareness: Human error often serves as the catalyst for cyber attacks. Employee education on security best practices and phishing hazards is necessary. This can significantly lower the success rate of such cyber attacks.
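The intrusion-detection and traffic-analysis points above become concrete when written as a hunt over host telemetry. The block below is an added example, not code from the original post, from Kratikal or from the LABRAT researchers. It scores process records against the generic indicators this post mentions: peers under the TryCloudflare tunnel domain, connections to ports commonly used by stratum mining pools, xmrig-style command-line arguments, executables launched from world-writable directories, and sustained high CPU. The process records and the port list are constructed for illustration; the field names (`exe`, `cmdline`, `cpu_pct`, `peers`) are assumptions standing in for whatever your EDR or `/proc` collector exports.

```python
import re
from dataclasses import dataclass, field

# Generic indicators only; a campaign that changes infrastructure will not match.
TRYCLOUDFLARE_RE = re.compile(r"(^|\.)trycloudflare\.com$", re.IGNORECASE)
# xmrig-style arguments: stratum pool URL, donate level, or "-o host:port".
MINER_ARG_RE = re.compile(r"stratum\+(tcp|ssl)://|--donate-level|\s-o\s+\S+:\d+")
STRATUM_PORTS = {3333, 4444, 5555, 7777, 14444}   # common pool ports (heuristic)
SUSPECT_EXEC_DIRS = ("/tmp/", "/dev/shm/", "/var/tmp/")
HIGH_CPU_PCT = 80.0


@dataclass
class Process:
    pid: int
    exe: str                      # resolved executable path (assumed collector field)
    cmdline: str
    cpu_pct: float                # CPU use averaged over the collection window
    peers: list[tuple[str, int]] = field(default_factory=list)   # (remote host, port)


def score_process(p: Process) -> list[str]:
    """Return the list of indicator tags that fire for one process."""
    findings = []
    if any(TRYCLOUDFLARE_RE.search(host) for host, _ in p.peers):
        findings.append("c2:trycloudflare-tunnel")
    if any(port in STRATUM_PORTS for _, port in p.peers):
        findings.append("net:stratum-port")
    if MINER_ARG_RE.search(p.cmdline):
        findings.append("cmd:miner-args")
    if p.exe.startswith(SUSPECT_EXEC_DIRS) or p.exe.endswith("(deleted)"):
        findings.append("exe:suspicious-location")
    if p.cpu_pct >= HIGH_CPU_PCT:
        findings.append("cpu:sustained-high")
    return findings


def hunt(processes: list[Process], min_findings: int = 2) -> dict[int, list[str]]:
    """Flag processes with at least min_findings indicators; one alone is too noisy."""
    hits = {}
    for p in processes:
        findings = score_process(p)
        if len(findings) >= min_findings:
            hits[p.pid] = findings
    return hits


# Constructed sample telemetry (not from a real host).
SAMPLE = [
    Process(4120, "/usr/bin/java", "java -jar app.jar", 35.0, [("db.internal", 5432)]),
    # Miner with its config compiled in: no arguments, so cmdline tells you nothing.
    Process(4311, "/dev/shm/.x/kthreadd", "/dev/shm/.x/kthreadd", 97.0, [("pool.example.net", 3333)]),
    # Quiet implant beaconing through a tunnel: low CPU, but two indicators.
    Process(4388, "/tmp/agent", "/tmp/agent", 2.0, [("abc-def.trycloudflare.com", 443)]),
    # Textbook xmrig invocation.
    Process(4402, "/opt/xmrig/xmrig", "xmrig -o stratum+tcp://pool.example.net:3333 --donate-level 1",
            99.0, [("pool.example.net", 3333)]),
    # Legitimate compile job: high CPU alone must not page anyone.
    Process(4500, "/usr/bin/gcc", "gcc -O2 big.c", 99.0),
]

if __name__ == "__main__":
    for pid, findings in hunt(SAMPLE).items():
        print(pid, ", ".join(findings))
```

The second sample record is the case the post describes: because LABRAT embedded the xmrig configuration in the binary, command-line matching finds nothing, and the detection has to come from where the executable lives, what it talks to and how much CPU it burns. A kernel rootkit can hide the process from the host entirely, which is why the network-side check (traffic to pool ports or tunnel domains, observed at the egress) belongs in a separate sensor rather than on the compromised machine.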
Conclusion
The LABRAT operation is a striking instance of the changing nature of cyber threats. Attackers are using sophisticated techniques to avoid detection and make money: they exploit legitimate services, deploy a variety of malware, and evade defenses. All of this emphasizes the need for proactive threat detection and response.