
"The trouble began last week when a criminal group calling itself the Crimson Collective claimed it had copied around 570 GB of compressed data from a GitLab environment used by Red Hat's consulting arm, allegedly including some 28,000 internal repositories and hundreds of Customer Engagement Reports (CERs) that contain detailed infrastructure diagrams, configuration files, and, in places, secrets such as access tokens."
"Red Hat last week confirmed to The Reg that the breach was related to a GitLab instance and said it had isolated the affected environment and launched an investigation. The attack did not target GitLab's own infrastructure, spokesperson Emily James stressed to El Reg, saying: "The incident refers to Red Hat's self-managed instance of GitLab Community Edition... Customers who deploy free, self-managed instances on their own infrastructure are responsible for securing their instances, including applying security patches, configuring access controls, and maintenance.""
"What initially looked like a standard extortion play escalated this week after the Crimson Collective crew announced it had joined forces with a Scattered Lapsus$/ShinyHunters syndicate to extort the IBM-owned open source giant. "On the 4th April 1949 was created the so ... called NATO, but what if today's new alliance was bigger than that? But for a greater purpose, ruining corporations mind [sic]," the group said in Telegram messages seen by The Register. "What if Crimson's shininess extends even further away?""
Criminals claiming to be the Crimson Collective say they exfiltrated about 570 GB from a Red Hat consulting GitLab instance, allegedly including roughly 28,000 internal repositories and hundreds of Customer Engagement Reports containing diagrams, configuration files, and secrets such as access tokens. The group said it found authentication tokens in repos and reports and claimed to have used them to compromise downstream Red Hat customers. Red Hat confirmed the breach involved a self-managed GitLab instance, isolated the affected environment, and opened an investigation while noting customers bear responsibility for securing self-managed instances. The Crimson Collective then allied with a Scattered Lapsus$/ShinyHunters-linked syndicate to escalate an extortion campaign.
Read at Theregister