"The cyberattack on software company Red Hat has taken a new turn, with the hacker group ShinyHunters now joining the extortion attempt. The criminals published examples of stolen customer data on their own data breach platform. This seems to escalate the incident further. The attack was initially claimed by a group known as the Crimson Collective. They claimed to have stolen nearly 570 gigabytes of internal data from some 28,000 development repositories."
"According to the attackers, the loot also includes hundreds of so-called Customer Engagement Reports (CERs), which contain confidential information about customers' infrastructure and systems. When Red Hat did not respond to their extortion attempt, the criminals sought cooperation with other groups. Reports from BleepingComputer indicate that Crimson Collective and Scattered Lapsus$ Hunters are collaborating and utilizing the ShinyHunters data leak site to exert pressure on Red Hat."
"Red Hat is now listed on the ShinyHunters website. The listing warns that the stolen data will be published on October 10 if the company does not enter into negotiations. According to the hackers, the sample files released include reports from Walmart, HSBC, the Bank of Canada, Atos Group, American Express, the US Department of Defense, and French telecom company SFR."
Multiple hacker groups claim to have stolen nearly 570 gigabytes from about 28,000 Red Hat development repositories, including hundreds of Customer Engagement Reports containing confidential customer infrastructure details. Attackers say the data samples reference organizations such as Walmart, HSBC, the Bank of Canada, Atos Group, American Express, the US Department of Defense, and SFR. When Red Hat did not engage with the extortion demand, criminals sought cooperation from other groups and used the ShinyHunters leak site to increase pressure. Red Hat confirmed the incident involved a GitLab environment used by its consulting division and reported immediate containment actions, loss of attacker access, isolation of the affected instance, and notification of authorities.
Read at Techzine Global
Unable to calculate read time
Collection
[
|
...
]