"The hackers, calling themselves Crimson Collective, claimed to have stolen 570 Gb of compressed data from 28,000 private repositories. The obtained data allegedly includes source code, credentials, secrets, and configurations, as well as customer engagement reports (CERs). The attackers also claimed to have used the compromised information to gain access to Red Hat customers' infrastructure. The hackers attempted to extort Red Hat, but based on information obtained by International Cyber Digest their attempt failed and the company had a very limited interaction with the attackers."
"In a blog post published in response to the incident, Red Hat said the compromised GitLab instance has been used for "internal Red Hat Consulting collaboration in select engagements". "Upon detection, we promptly launched a thorough investigation, removed the unauthorized party's access, isolated the instance, and contacted the appropriate authorities," Red Hat said, adding, "Our investigation, which is ongoing, found that an unauthorized third party had accessed and copied some data from this instance.""
Red Hat confirmed that a GitLab instance used by its Consulting team was accessed and some data copied by an unauthorized third party. Attackers identifying as Crimson Collective claimed to have stolen 570 Gb of compressed data from 28,000 private repositories, including source code, credentials, secrets, configurations, and customer engagement reports. The attackers asserted they used the data to access customer infrastructure and attempted extortion, though extortion reportedly failed and interaction was limited. SOCRadar reported data from up to 800 customers may have been obtained, including major companies and U.S. government organizations. Red Hat removed access, isolated the instance, contacted authorities, and continues investigating.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]