New Labrat Campaign Unveiled: A Stealthy Threat Targeting Cryptomining and Proxyjacking

Security researchers have recently uncovered a financially motivated cyber threat campaign named Labrat, which cleverly exploits vulnerabilities in order to profit from crypto mining and proxy jacking. These threat actors have gone to great lengths to remain hidden, using various tactics and techniques.

The Labrat Campaign

The Labrat campaign came to light when the team at Sysdig observed the threat actors compromising a targeted container through the use of the legacy GitLab remote code execution vulnerability known as CVE-2021-22205. This flaw allowed them to gain unauthorized access and initiate their malicious activities.

The ultimate objective of the Labrat campaign is to generate revenue by engaging in two primary activities: cryptomining and proxyjacking. Cryptomining involves using the compromised systems’ computational power to mine cryptocurrencies, while proxyjacking allows threat actors to rent out compromised systems used as proxy networks.

Extensive Efforts to Stay Hidden

Unlike many cyber attackers who opt for simple scripts, the Labrat campaign deployed stealthy compiled binaries written in Go and .NET. By doing so, the threat actors enhanced their ability to remain concealed from researchers and network defenders.

In their efforts to obfuscate their command-and-control (C2) network, the attackers exploited a legitimate service called CloudFlare. Leveraging this service allowed them to obscure their malicious activities and increase their chances of avoiding detection.

To maintain their revenue stream and outsmart security defenses, the Labrat attackers continuously update their compiled binaries. This dynamic approach raises the bar for detection, as traditional signature-based defenses struggle to keep up with the rapidly evolving threat.

To ensure persistence, the Labrat attackers utilize a legitimate open-source tool known as Global Socket (GSocket). By leveraging this tool, the attackers can maintain their foothold on compromised systems, making it challenging for organizations to entirely remove their presence.

Potential Expansion of the Campaign

Beyond engaging in cryptomining and proxyjacking, the Labrat campaign offers potential for broader implications. The backdoor deployed by the attackers provides them with access to compromised systems, enabling them to potentially exploit these footholds for other malicious purposes.

Recommendations for Impacted Users

Users impacted by the CVE-2021-22205 vulnerability should promptly adhere to their organization’s security incident and disaster recovery protocols. This includes reporting the incident, deprovisioning the compromised instance, and initiating recovery procedures.

To mitigate the risk posed by the Labrat campaign, it is crucial to deprovision the compromised GitLab instance promptly. Following this, organizations should restore their systems using the latest good working backup to a new GitLab instance, ensuring a clean and secure environment for operations.

The Labrat campaign represents a significant threat in the realm of cybercrime, targeting financial gain through cryptomining and proxyjacking. By utilizing undetected binaries, abusing legitimate services, and constantly updating their techniques, the threat actors behind Labrat have demonstrated their commitment to remaining hidden and profitable. As this campaign evolves, it is imperative for organizations to be vigilant, follow security best practices, and leverage robust detection and prevention measures to safeguard their systems and data.

Explore more

Wix and ActiveCampaign Team Up to Boost Business Engagement

In an era where businesses are seeking efficient digital solutions, the partnership between Wix and ActiveCampaign marks a pivotal moment for enhancing customer engagement. As online commerce evolves, enterprises require robust tools to manage interactions across diverse geographical locations. This alliance combines Wix’s industry-leading website creation and management capabilities with ActiveCampaign’s sophisticated marketing automation platform, promising a comprehensive solution to

Can Coal Plants Power Data Centers With Green Energy Storage?

In the quest to power data centers sustainably, an intriguing concept has emerged: retrofitting coal plants for renewable energy storage. As data centers grapple with skyrocketing energy demands and the imperative to pivot toward green solutions, this innovative idea is gaining traction. The concept revolves around transforming retired coal power facilities into thermal energy storage sites, enabling them to harness

Can AI Transform Business Operations Successfully?

Artificial intelligence (AI) has emerged as a foundational technology poised to revolutionize the structure and efficiency of business operations across industries. With the ability to automate tasks, predict outcomes, and derive insights from vast datasets, AI presents an opportunity for transformative change. Yet, despite its promise, successfully integrating AI into business operations remains a complex undertaking for many organizations. Businesses

Is PayPal Revolutionizing College Sports Payments?

PayPal has made a groundbreaking entry into collegiate sports by securing substantial agreements with the NCAA’s Big Ten and Big 12 conferences, paving the way for student-athletes to receive compensation via its platform. This move marks a significant evolution in PayPal’s strategy to position itself as a leading financial services provider under CEO Alex Criss. With a monumental $100 million

Zayo Expands Fiber Network to Meet Rising Data Demand

The increasing reliance on digital communications and data-driven technologies, such as artificial intelligence, remote work, and ongoing digital transformation, has placed unprecedented demands on the fiber infrastructure industry. Projections indicate a need for nearly 200 million additional fiber-network miles by 2030 to prevent bandwidth shortages, putting pressure on companies like Zayo. As a prominent provider in the telecom infrastructure sector,