
Hackers Breach Red Hat’s GitLab Repositories

Summary

– The Crimson Collective hacker group claims to have breached Red Hat’s GitLab and stolen data from over 28,000 internal repositories related to Red Hat Consulting.
– Allegedly stolen data includes credentials, CI/CD secrets, infrastructure blueprints, and customer engagement reports from major organizations like banks, telecoms, and government agencies.
– Reportedly compromised customer engagement reports reference high-profile clients including Bank of America, Samsung, Boeing, and the U.S. Department of Homeland Security.
– Crimson Collective states they attempted to contact Red Hat with a ransom demand but only received an automated response directing them to submit a vulnerability report.
– Red Hat confirmed investigating the incident, initiated remediation steps, and expressed confidence that their software supply chain and other services remain unaffected.

A newly formed cybercrime syndicate known as The Crimson Collective has reportedly infiltrated Red Hat’s internal GitLab repositories, extracting proprietary data from more than 28,000 repositories tied to the company’s consulting division. This security breach potentially exposes sensitive client information and internal technical assets, raising serious concerns for organizations relying on Red Hat’s enterprise solutions.

Red Hat, a prominent American provider of open-source software including Linux distributions, cloud platforms, and automation tools, operates a professional services branch called Red Hat Consulting. This unit assists businesses in designing, implementing, and refining open-source IT systems while training client teams to manage their infrastructure effectively.

According to claims the hackers posted on Telegram, the stolen repositories contain a wide array of confidential material: login credentials, CI/CD secrets, pipeline configurations, container registry settings, VPN profiles, infrastructure blueprints, Ansible automation playbooks, and OpenShift cluster installation guides. Material of this kind matters beyond the confidentiality of the code itself: credentials, pipeline secrets and VPN profiles checked into source control stay valid until they are rotated, so a copy of the repositories is a collection of usable access tokens for the systems they reference, not just a read-only archive. The data appears to reference numerous high-profile clients across multiple industries.
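The kinds of artifacts listed above (plaintext passwords in Ansible inventories, tokens in CI configuration, private keys and kubeconfigs) are exactly what a secret scan over a repository export would surface. The following is an added example, not code from Red Hat, Red Hat Consulting or the hacker group: a small offline scanner with a hand-picked rule set and a constructed sample repository. The rules, file names and sample values are illustrative assumptions; production tools such as gitleaks or trufflehog ship far larger rule sets. The scanner also shows two details a practitioner wants from such a check: it ignores values that are only references to environment variables or vaulted Ansible variables, and it redacts matched values so the report itself does not become a second leak.

```python
"""Offline scan of repository files for committed secrets (added example).

The rule set and sample files below are constructed for illustration and are
not taken from any real repository.
"""
import re
from dataclasses import dataclass

# Hand-picked secret formats that commonly end up in CI configs, Ansible
# inventories, .env files and kubeconfigs. Where a rule has a capture group,
# group 1 is the secret value itself so it can be redacted in reports.
RULES = {
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----"),
    "aws_access_key_id": re.compile(r"\b(AKIA[0-9A-Z]{16})\b"),
    "gitlab_pat": re.compile(r"\b(glpat-[A-Za-z0-9_-]{20,})"),
    "kubeconfig_key_or_token": re.compile(r"(?:client-key-data|token):\s*([A-Za-z0-9+/=._-]{40,})"),
    "password_assignment": re.compile(r"(?i)(?:password|passwd|pwd)\s*[:=]\s*['\"]?([^\s'\"]{6,})"),
}

# Values that merely reference a secret stored elsewhere: ${ENV_VAR}, $ENV_VAR,
# {{ansible_vault_var}}, <REPLACE_ME> markers, or masked output like ********.
PLACEHOLDER = re.compile(r"^(\$\{?\w+\}?|\{\{.*\}\}|<[^>]+>|\*+)$")


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    rule: str
    redacted: str  # first 4 characters of the matched value, rest masked


def is_placeholder(value: str) -> bool:
    """True when the value is a reference rather than a literal secret."""
    return bool(PLACEHOLDER.match(value))


def redact(value: str) -> str:
    """Keep a short prefix for triage; never write the full secret to a report."""
    return value[:4] + "*" * max(0, len(value) - 4)


def scan_text(path: str, text: str) -> list[Finding]:
    """Run every rule over every line of one file and collect findings."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for rule, pattern in RULES.items():
            for m in pattern.finditer(line):
                value = m.group(1) if m.groups() else m.group(0)
                if is_placeholder(value):
                    continue
                findings.append(Finding(path, lineno, rule, redact(value)))
    return findings


def scan_files(files: dict[str, str]) -> list[Finding]:
    """Scan an in-memory {path: contents} map, e.g. a repository export."""
    out = []
    for path, text in files.items():
        out.extend(scan_text(path, text))
    return out


# Constructed sample repository: three real-looking secrets, two safe references.
SAMPLE_REPO = {
    "group_vars/all.yml": (
        "ansible_user: deploy\n"
        'ansible_password: "Sup3rSecret!"\n'          # plaintext, flagged
        'db_password: "{{vault_db_password}}"\n'      # vaulted reference, ignored
    ),
    ".gitlab-ci.yml": (
        "variables:\n"
        "  REGISTRY_TOKEN: glpat-EXAMPLEEXAMPLEEXAMPLE\n"  # flagged
        "  DB_PASSWORD: ${DB_PASSWORD}\n"                   # CI variable reference, ignored
    ),
    "keys/id_rsa": (
        "-----BEGIN OPENSSH PRIVATE KEY-----\n"           # flagged
        "b3BlbnNzaC1rZXk...\n"
        "-----END OPENSSH PRIVATE KEY-----\n"
    ),
    ".env": "AWS_ACCESS_KEY_ID=AKIAEXAMPLEEXAMPLE00\n",   # flagged
    "kube/config": (
        "users:\n- name: admin\n  user:\n"
        "    client-key-data: TFMwdExTMUNSVWRKVGlCUVVrbFdRVlJGSUV0RldTMHRMUzB0Q2c9PQ==\n"  # flagged
    ),
}

if __name__ == "__main__":
    for f in scan_files(SAMPLE_REPO):
        print(f"{f.path}:{f.line}: {f.rule}: {f.redacted}")
```

Run against a real export, `scan_files` would be fed by walking the checkout (skipping binaries and `.git/`); the point of the sample is that every hit here is a credential that has to be rotated, not just deleted from the tree, because history and any copies taken before the deletion still contain it.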

An analysis shared by the International Cyber Digest on social media platform X highlighted that “the file tree includes thousands of repositories referencing major banks, telecoms, airlines, and public-sector organizations, such as Citi, Verizon, Siemens, Bosch, JPMC, HSBC, Merrick Bank, Telstra, Telefonica, and even mentions the U.S. Senate.”

The hacking group boasted about exporting over 28,000 repositories, stating they obtained “all their customer’s engagement reports and analysis of their infrastructure + their other developers’ private repositories.” They further alleged they had already penetrated some client infrastructures belonging to Red Hat Consulting customers.

Among the reportedly compromised customer engagement reports are documents linked to globally recognized entities including Bank of America, Carrefour, Lumen, Samsung, Bank of Canada, Novonordisk, PepsiCo, Intelsat, Accenture, Boeing, and various government bodies like the US Department of Homeland Security.

The extortion group claims it attempted to negotiate with Red Hat but received only an automated response directing it to submit a vulnerability report through official channels. When contacted by media outlets, Red Hat’s representatives stated they were investigating the security incident and had “initiated necessary remediation steps.” The company said it was confident that other Red Hat services and products were unaffected and that the integrity of its software supply chain was intact.

Correction: Initial reports indicated the breach targeted GitHub repositories, but subsequent confirmation clarified that the incident involved a GitLab instance used by Red Hat Consulting. The article has been updated to reflect this accurate information.

(Source: HelpNet Security)
