Red Hat
CIO Bulletin
09 October, 2025
Crimson Collective aligns with Scattered Lapsus$ Hunters and exposes Red Hat Consulting customer data, raising cybersecurity concerns.
Red Hat has confirmed a large-scale security breach involving its GitLab instance, an incident now linked to the expanding Scattered Lapsus$ Hunters group. The attack by the Crimson Collective is reported to have exposed 28,000 Red Hat repositories containing code and customer engagement reports (CERs).
The leaked data is said to contain sensitive information about Red Hat Consulting clients, including access tokens and infrastructure details. The breach has been listed on the Scattered Lapsus$ Hunters dark web leak site, which names 39 other organizations and sets a ransom payment deadline before the data is published.
The intrusion is attributed to the Crimson Collective, which is using the leak site to extort Red Hat instead of launching direct attacks. Security experts caution that the group has allied itself with Scattered Lapsus$ Hunters, and that the sophistication and scale of these cybercrime operations are a concern.
Specialists add that the Red Hat repositories lacked sufficient organizational and technical resources to secure sensitive data, and that proactive security practices are important. Attackers allegedly used tools such as TruffleHog to search for AWS credentials, which they then used to gain privileged access and steal more sensitive data.
Security analysts recommend that organizations, including Red Hat clients, use short-lived credentials, apply restrictive identity and access management policies, and continuously monitor repositories for exposed secrets.
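A minimal form of the repository monitoring recommended above, as an added example rather than code from Red Hat, TruffleHog or this article: it flags AWS access key IDs and likely secret access keys in repository text, and separates long-lived `AKIA` keys from temporary `ASIA` ones. The function names, the entropy threshold and the sample files are assumptions made for illustration.

```python
import math
import re
from collections import Counter

# Access key ID prefixes: AKIA = long-lived IAM user key, ASIA = temporary STS key.
KEY_ID = re.compile(r"\b(AKIA|ASIA)[A-Z0-9]{16}\b")
# Candidate secret access keys: a standalone run of 40 base64-style characters.
SECRET = re.compile(r"(?<![A-Za-z0-9/+])[A-Za-z0-9/+]{40}(?![A-Za-z0-9/+=])")

def entropy(s):
    """Shannon entropy in bits per character."""
    return -sum(n / len(s) * math.log2(n / len(s)) for n in Counter(s).values())

def scan(files, min_entropy=4.0):
    """Return (path, line_no, kind, redacted_value) for each suspected credential.

    A 40-character lowercase hex string (e.g. a SHA-1) always scores below
    4.0 bits, so the default threshold drops commit hashes but keeps random keys.
    """
    findings = []
    for path, text in files.items():
        for no, line in enumerate(text.splitlines(), 1):
            for m in KEY_ID.finditer(line):
                kind = "long-lived-key-id" if m.group(1) == "AKIA" else "temporary-key-id"
                findings.append((path, no, kind, m.group(0)[:8] + "..."))
            for m in SECRET.finditer(line):
                if entropy(m.group(0)) >= min_entropy:
                    findings.append((path, no, "secret-access-key", m.group(0)[:4] + "..."))
    return findings

# Constructed sample repository content; the key values are based on AWS's
# documentation placeholders and are not real credentials.
SAMPLE_REPO = {
    "deploy/env.sh": (
        "export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
        "export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"
    ),
    "reports/cer-notes.md": "Session key ASIAIOSFODNN7EXAMPLE was used during the engagement.\n",
    "CHANGELOG": "Reverted commit da39a3ee5e6b4b0d3255bfef95601890afd80709\n",
}

if __name__ == "__main__":
    for finding in scan(SAMPLE_REPO):
        print(*finding, sep="\t")
```

Findings are redacted so the scanner's own output does not become another copy of the secret; any `long-lived-key-id` hit is a candidate for rotation and replacement with temporary credentials.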
The incident underlines how the threats facing Red Hat and other enterprise software providers are constantly changing, and why strong security efforts are needed, particularly as criminal groups grow in complexity and scale.