Red Hat Admits GitLab Hack, User Data Stolen

Summary
– Red Hat confirmed a hack of its GitLab instance used by the Red Hat Consulting team, correcting initial reports that GitHub was targeted.
– Hackers calling themselves Crimson Collective claimed to have stolen 570 GB of compressed data from 28,000 private repositories, including source code, credentials, and customer reports.
– The attackers attempted to extort Red Hat and failed; the company limited its interaction with them, promptly isolated the instance, and launched an investigation.
– Red Hat stated the compromised instance stored example code, project specifications, and internal communications but typically did not contain sensitive personal information.
– The company clarified that the breach is not related to a recent Red Hat OpenShift AI vulnerability and does not impact other Red Hat services or products.
The technology firm Red Hat has officially acknowledged a security breach affecting one of its internal GitLab systems. This confirmation follows assertions made by a cybercriminal group that they successfully exfiltrated substantial amounts of proprietary data. Initially, reports suggested the attack targeted a GitHub repository; however, Red Hat clarified that the incident involved a GitLab instance specifically utilized by its internal Consulting team for collaborative project work.
A threat actor identifying as Crimson Collective has taken responsibility for the intrusion. The group claims to have acquired approximately 570 gigabytes of compressed data originating from around 28,000 private repositories. The compromised information reportedly encompasses source code, various credentials, API secrets, system configuration files, and confidential customer engagement reports. Furthermore, the hackers claim they leveraged this stolen data to infiltrate the IT infrastructure of several Red Hat clients.
According to intelligence gathered by International Cyber Digest, the attackers engaged in an extortion attempt against Red Hat. This effort was reportedly unsuccessful, with the company limiting its interaction with the criminals. Cybersecurity firm SOCRadar provided additional context, indicating that data associated with as many as 800 customers may have been exposed. The list of potentially affected organizations is said to include prominent corporations like IBM, Siemens, Verizon, and Bosch, alongside U.S. government entities such as the Department of Energy, the National Institute of Standards and Technology (NIST), and the National Security Agency (NSA).
In an official blog post addressing the incident, Red Hat detailed its response. The company stated that upon discovering the unauthorized access, it immediately initiated a comprehensive investigation. Security teams revoked the attacker’s access, isolated the affected GitLab instance from the network, and notified law enforcement agencies. The ongoing investigation has confirmed that an unauthorized third party did access and copy certain data from the system.
Red Hat has not publicly commented on the specific allegations regarding customer infrastructure breaches. It is a common tactic for extortion groups to inflate their claims to increase pressure on their targets. The company clarified that the compromised instance contained materials like sample code, project specifications, and internal team communications related to consulting services. Importantly, Red Hat emphasized that this system was not designed to store highly sensitive personal information, and its investigation has so far found no evidence that such data was accessed or exposed.
In a statement provided to SecurityWeek, Red Hat sought to reassure its user base, stating, “We currently have no indication that this security event impacts any other Red Hat services or products. We maintain a high degree of confidence in the integrity of our software supply chain.” Some industry analysts had speculated about a potential connection between this breach and a recently patched privilege escalation vulnerability in Red Hat’s OpenShift AI service. The company has since confirmed that the data breach is a separate incident and is not related to that previously identified software flaw.
(Source: SecurityWeek)