Sysdig, a cloud security company, reports that a newly discovered financially motivated operation relies on signature-based tools and stealthy cross-platform malware to remain undetected and uses TryCloudflare to conceal its command-and-control (C&C) infrastructure.
The campaign, known as LabRat, was seen relying on binaries written in Go and .NET, kernel-based rootkits, and C&C tooling designed to get past firewalls, and it focuses on cryptomining and proxyjacking.
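Because the campaign hides its C&C behind TryCloudflare, one practical detection is to look for connections to quick-tunnel hostnames under trycloudflare.com in DNS and proxy telemetry. The Python below is an added example written for this page, not code from Sysdig's report; the log format and the hostnames in it are constructed for illustration, and the matching is done on the registered suffix with a label boundary so that look-alike names and URL paths containing the string do not produce false positives.

```python
import re
from urllib.parse import urlsplit

# Constructed sample telemetry (not taken from the report): DNS query records
# and HTTP proxy records from two Linux build hosts. The hostnames are made up.
SAMPLE_LOGS = [
    "2023-08-17T10:02:11Z dns query host=build-01 qname=registry.npmjs.org qtype=A",
    "2023-08-17T10:02:13Z dns query host=build-01 qname=quiet-fox-demo.trycloudflare.com qtype=A",
    "2023-08-17T10:02:14Z proxy host=build-01 method=GET url=https://quiet-fox-demo.trycloudflare.com:443/beacon status=200",
    "2023-08-17T10:03:01Z proxy host=build-02 method=GET url=https://example.com/trycloudflare.com status=200",
    "2023-08-17T10:03:05Z dns query host=build-02 qname=nottrycloudflare.com qtype=A",
]

# Suffixes of tunnelling services that the campaign abuses to front its C&C.
# Only trycloudflare.com is named on the page; extend the tuple as your own
# environment requires.
TUNNEL_SUFFIXES = ("trycloudflare.com",)

QNAME_RE = re.compile(r"\bqname=(\S+)")
URL_RE = re.compile(r"\burl=(\S+)")
SOURCE_RE = re.compile(r"\bhost=(\S+)")


def normalize_host(name):
    """Lowercase a hostname and strip a trailing root dot (as DNS logs emit)."""
    return name.lower().rstrip(".")


def is_tunnel_host(name):
    """True when the host is a tunnel apex or a subdomain of it.

    The leading dot in the endswith check enforces a label boundary, so
    'nottrycloudflare.com' is not matched while 'x.trycloudflare.com' is.
    """
    host = normalize_host(name)
    return any(host == s or host.endswith("." + s) for s in TUNNEL_SUFFIXES)


def extract_destination(line):
    """Pull the destination hostname out of a DNS (qname=) or proxy (url=) record."""
    m = QNAME_RE.search(line)
    if m:
        return normalize_host(m.group(1))
    m = URL_RE.search(line)
    if m:
        # urlsplit isolates the authority, so a path like /trycloudflare.com
        # cannot masquerade as the destination host.
        return normalize_host(urlsplit(m.group(1)).hostname or "")
    return None


def find_tunnel_hits(lines):
    """Return one dict per record whose destination is a tunnel hostname."""
    hits = []
    for line in lines:
        dest = extract_destination(line)
        if dest and is_tunnel_host(dest):
            src = SOURCE_RE.search(line)
            hits.append({
                "source": src.group(1) if src else "?",
                "destination": dest,
                "line": line,
            })
    return hits


def summarize_by_source(hits):
    """Group flagged destinations by the internal host that contacted them."""
    summary = {}
    for h in hits:
        summary.setdefault(h["source"], set()).add(h["destination"])
    return summary


if __name__ == "__main__":
    for src, dests in summarize_by_source(find_tunnel_hits(SAMPLE_LOGS)).items():
        print(f"{src}: {', '.join(sorted(dests))}")
```

Run against the constructed sample, only build-01 is reported, for both its DNS lookup and its subsequent HTTPS request to the same quick-tunnel hostname; a hit on a server that has no business reaching such a tunnel is a strong lead for the kind of follow-up the report describes (checking for rootkits, miners and proxyware on that host).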
GitLab Community Edition (CE) and Enterprise Edition (EE) versions 11.9 to 13.10.3, 13.9.6, and 13.8.8 are affected by CVE-2021-22205, a critical vulnerability with a CVSS score of 10 that was patched in April 2021.
As part of this campaign, the attackers exploited this flaw, which allows unauthenticated remote code execution, to deploy a script that establishes persistence.
Read More: Stealthy ‘LabRat’ Campaign Abuses TryCloudflare to Hide Infrastructure