“Crimson Collective” Claims Theft of Customer Data from Red Hat

Type

Campaign

Actors

Crimson Collective

Pub. date

October 2, 2025

Initial access

Unknown

Impact

Data exfiltration

References

https://www.rapid7.com/blog/post/tr-crimson-collective-a-new-threat-group-observed-operating-in-the-cloud/

Status

Finalized

Last edited

Oct 9, 2025 9:52 AM

An extortion group calling themselves "Crimson Collective" has claimed to have stolen nearly 570 GB of data from Red Hat's private GitLab repositories. Red Hat confirmed a security incident to BleepingComputer, saying "Red Hat is aware of reports regarding a security incident related to our consulting business and we have initiated necessary remediation steps."

Red Hat has publicly stated that they are "highly confident in the integrity of our software supply chain." "Crimson Collective" has claimed to have identified customer secrets in the data they have exfiltrated. Red Hat have also stated that they have directly notified all affected customers.