- Crimson Collective violated the GitHub of Red Hat, steering wheel 570 GB at 28,000 internal projects
- Pirates claim to have stolen 800 customer engagement records with sensitive infrastructure data
- Red Hat confirmed the violation but refused proof of stolen or impact on other services
Red Hat has confirmed a data violation, but did not check the complaints of harassment of secret customers secrets.
Earlier this week, News announced that a hacking group called Crimson Collective accessed the private referentials of Github by Red Hat and exfiltrated around 570 GB of different files of 28,000 internal projects. Among the files, there were also 800 customer commitment records (CER).
These records are internal advisory documents that RED HAT has created to support business customers and generally include detailed information on infrastructure (network architecture, system configuration, etc.), authentication and access data (identification information, access tokens, and more), and operational information (recommendations, troubleshooting notes).
This makes them extremely precious because they can easily be exploited in follow -up attacks.
Big names
In a declaration shared with Bleeping CompomputeRed Hat confirmed the violation, but could not verify the claims of the stolen certified files. At the same time, the hacking group said to the publication that the attack took place about two weeks ago and that the database contained authentication tokens, full database URI and other private information that could be used to access downstream customers.
They have appointed at least a dozen heavy strikers, including Bank of America, T-Mobile, AT&T, Fidelity, Mayo Clinic, Walmart, US Navy’s Naval Surface Warfare Center, Federal Aviation Administration and many others.
“Red Hat is aware of reports on a security incident linked to our advisory activity and we have launched the necessary correction measures,” Red Hat told Bleeping Compompute. “The security and integrity of our systems and the data entrusted to us are our greatest priority. For the moment, we have no reason to believe that the security problem has an impact on our other Red Hat services or products and we are very confident in the integrity of our software supply chain.”
Crimson Collective tried to extort Red Hat for money, but finally failed, because the company continued to respond with generic and model responses, they said.
Via Bleeping Compompute
