‼️🚨 Red Hat breached: Crimson Collective stole 28k private repositories, including credentials, CI/CD secrets, pipeline configs, VPN profiles, and infrastructure blueprints. Our analysis of obtained data: 👇
The file tree includes thousands of repositories referencing major banks, telecoms, airlines, and public-sector organizations, such as Citi, Verizon, Siemens, Bosch, JPMC, HSBC, Merrick Bank, Telstra, Telefonica, and even mentions the U.S. Senate...
What's in the file tree dump? Inventories, hosts, Ansible playbooks, OpenShift install blueprints, CI/CD runners, VPN profiles, Quay/registry configs, Vault integrations, backups, and exported GitHub/GitLab configs.
The threat actor attempted to contact Red Hat, and the reply is concerning...
Multiple staff were added to the ticket, visible to the threat actor, indicating an OpSec failure.
The threat actor told us that Red Hat is ignoring them and no longer responding to communication attempts.
Some example files:
Some of the customers being mentioned in the file tree:

| Company | X Handle |
|---------|----------|
| 3M | @3M |
| Accenture | @Accenture |
| Adeo | No official X handle found |
| Adobe | @Adobe |
| ADP | @ADP |
| Alaska Airlines | @AlaskaAir |
| Ally | @Ally |
| Amadeus |
| AXA | @AXA |
| Bank of America | @BankofAmerica |
| BBVA | @bbva |
| BNP Paribas | @BNPParibas |
| BNSF Railway | @BNSFRailway |
| Boeing | @Boeing |
| Bosch | @BoschGlobal |
| Capgemini | @Capgemini |
| Cisco | @Cisco |
| Citi | @Citi |
| Cummins | @Cummins |
| Deloitte |
| Ericsson | @ericsson |
| Experian | @Experian |
| Federal Aviation Administration (FAA) | @FAANews |
| Federal Emergency Management Agency (FEMA) | @fema |
| Finanz Informatik | @FI_FFM |
| Finastra | @FinastraFS |
| Garanti BBVA | @GarantiBBVA |
| HSBC | @HSBC |
| IBM | @IBM |

This appears to be a significant breach based on the information obtained. Without access to the full archive, we cannot determine the full scope of the alleged breach. We have contacted Red Hat for comment.






