- Crimson Collective breaches Red Hat GitLab, stealing 570GB from 28,000 internal projects
- Hackers claim to have stolen 800 Customer Engagement Records with sensitive infrastructure data
- Red Hat confirmed breach but denied evidence of stolen CERs or impact on other services
Red Hat has confirmed suffering a potentially serious data breach, but the company said it was not able to verify hacker claims of stolen customer secrets.
A hacking group called Crimson Collective claims to have accessed Red Hat’s private GitLab environments repositories, and exfiltrated approximately 570GB of different files from 28,000 internal projects.
"We recently detected unauthorized access to a GitLab instance used for internal Red Hat Consulting collaboration in select engagements," a Red Hat spokesperson told TechRadar Pro.
"Upon detection, we promptly launched a thorough investigation, removed the unauthorized party’s access, isolated the instance, and contacted the appropriate authorities. Our investigation, which is ongoing, found that an unauthorized third party had accessed and copied some data from this instance."
"We have now implemented additional hardening measures designed to help prevent further access and contain the issue."
Big names
Among the files were 800 Customer Engagement Records (CER) - internal consulting documents that Red Hat created to support enterprise clients, and typically include detailed infrastructure information (network architecture, system configuration, etc), authentication and access data (credentials, access tokens, and more), and operational insights (recommendations, troubleshooting notes, and similar).
This makes them extremely valuable, since they can easily be leveraged in follow-up attacks.
In its initial statement, Red Hat confirmed the breach, but could not verify the claims of stolen CER files.
At the same time, the hacking group told the publication the attack happened roughly two weeks ago, and that the database contained authentication tokens, full database URIs, and other private information that can allegedly be used to access downstream customers.
They named at least a dozen heavy hitters, including Bank of America, T-Mobile, AT&T, Fidelity, Mayo Clinic, Walmart, the U.S. Navy’s Naval Surface Warfare Center, Federal Aviation Administration, and many more.
"Red Hat is aware of reports regarding a security incident related to our consulting business and we have initiated necessary remediation steps," Red Hat said.
"The security and integrity of our systems and the data entrusted to us are our highest priority. At this time, we have no reason to believe the security issue impacts any of our other Red Hat services or products and are highly confident in the integrity of our software supply chain."
Crimson Collective tried to extort Red Hat for money, but ultimately failed, since the company kept replying with generic, templated replies, it said.
Via BleepingComputer
You might also like
- Several major Linux distros hit by serious Sudo security flaws
- Take a look at our guide to the best authenticator app
- We've rounded up the best password managers
