Type
Campaign
Actors
Crimson Collective
Pub. date
October 2, 2025
Initial access
Unknown
Impact
Data exfiltration
References
https://www.rapid7.com/blog/post/tr-crimson-collective-a-new-threat-group-observed-operating-in-the-cloud/
Status
Finalized
Last edited
Oct 9, 2025 9:52 AM
An extortion group calling themselves "Crimson Collective" has claimed to have stolen nearly 570 GB of data from Red Hat's private GitLab repositories. Red Hat confirmed a security incident to BleepingComputer, saying "Red Hat is aware of reports regarding a security incident related to our consulting business and we have initiated necessary remediation steps."
Red Hat has publicly stated that they are "highly confident in the integrity of our software supply chain." "Crimson Collective" has claimed to have identified customer secrets in the data they have exfiltrated. Red Hat have also stated that they have directly notified all affected customers.