@IntCyberDigest: ‼️🚨 Red Hat breached: Crimson ...
@IntCyberDigest
16 views
Oct 01, 2025
2
The file tree includes thousands of repositories referencing major banks, telecoms, airlines, and public-sector organizations, such as Citi, Verizon, Siemens, Bosch, JPMC, HSBC, Merrick Bank, Telstra, Telefonica, and even mentions the U.S. Senate...
3
What's in the file tree dump?
Inventories, hosts, Ansible playbooks, OpenShift install blueprints, CI/CD runners, VPN profiles, Quay/registry configs, Vault integrations, backups, and exported GitHub/GitLab configs.
Inventories, hosts, Ansible playbooks, OpenShift install blueprints, CI/CD runners, VPN profiles, Quay/registry configs, Vault integrations, backups, and exported GitHub/GitLab configs.
6
The threat actor told us that Red Hat is ignoring them and no longer responding to communication attempts.
8
Some of the customers being mentioned in the file tree:
| Company | X Handle |
|---------|----------|
| 3M | @3M |
| Accenture | @Accenture |
| Adeo | No official X handle found |
| Adobe | @Adobe |
| ADP | @ADP |
| Alaska Airlines | @AlaskaAir |
| Ally | @Ally |
| Amadeus | @AmadeusITGroup |
| Amdocs | @Amdocs |
| American Express | @AmericanExpress |
| Arch Insurance | @ArchInsInt |
| Avangrid | @Avangrid |
| Company | X Handle |
|---------|----------|
| 3M | @3M |
| Accenture | @Accenture |
| Adeo | No official X handle found |
| Adobe | @Adobe |
| ADP | @ADP |
| Alaska Airlines | @AlaskaAir |
| Ally | @Ally |
| Amadeus | @AmadeusITGroup |
| Amdocs | @Amdocs |
| American Express | @AmericanExpress |
| Arch Insurance | @ArchInsInt |
| Avangrid | @Avangrid |
9
| AXA | @AXA |
| Bank of America | @BankofAmerica |
| BBVA | @bbva |
| BNP Paribas | @BNPParibas |
| BNSF Railway | @BNSFRailway |
| Boeing | @Boeing |
| Bosch | @BoschGlobal |
| Capgemini | @Capgemini |
| Cisco | @Cisco |
| Citi | @Citi |
| Cummins | @Cummins |
| Deloitte | @Deloitte |
| Delta Air Lines | @Delta |
| DHL | @DHLGlobal |
| Bank of America | @BankofAmerica |
| BBVA | @bbva |
| BNP Paribas | @BNPParibas |
| BNSF Railway | @BNSFRailway |
| Boeing | @Boeing |
| Bosch | @BoschGlobal |
| Capgemini | @Capgemini |
| Cisco | @Cisco |
| Citi | @Citi |
| Cummins | @Cummins |
| Deloitte | @Deloitte |
| Delta Air Lines | @Delta |
| DHL | @DHLGlobal |
10
| Ericsson | @ericsson |
| Experian | @Experian |
| Federal Aviation Administration (FAA) | @FAANews |
| Federal Emergency Management Agency (FEMA) | @fema |
| Finanz Informatik | @FI_FFM |
| Finastra | @FinastraFS |
| Garanti BBVA | @GarantiBBVA |
| HSBC | @HSBC |
| IBM | @IBM |
| IHG Hotels & Resorts | @IHGhotels |
| IKEA | @IKEA |
| Inditex | @Inditex |
| Injazat | @injazat |
| Isabel Group | No official X handle found |
| JPMorgan Chase | @jpmorgan |
| Karolinska University Hospital | @karolinskainst |
| Leidos | @LeidosInc |
| Lloyds Banking Group | @LBGplc |
| Marriott International | @MarriottIntl |
| Mavenir | @Mavenir |
| Merrick Bank | @merrickbank |
| Experian | @Experian |
| Federal Aviation Administration (FAA) | @FAANews |
| Federal Emergency Management Agency (FEMA) | @fema |
| Finanz Informatik | @FI_FFM |
| Finastra | @FinastraFS |
| Garanti BBVA | @GarantiBBVA |
| HSBC | @HSBC |
| IBM | @IBM |
| IHG Hotels & Resorts | @IHGhotels |
| IKEA | @IKEA |
| Inditex | @Inditex |
| Injazat | @injazat |
| Isabel Group | No official X handle found |
| JPMorgan Chase | @jpmorgan |
| Karolinska University Hospital | @karolinskainst |
| Leidos | @LeidosInc |
| Lloyds Banking Group | @LBGplc |
| Marriott International | @MarriottIntl |
| Mavenir | @Mavenir |
| Merrick Bank | @merrickbank |
11
|Migros | @migros |
| Mizuho | No official X handle found |
| National Australia Bank | @nab |
| National Institute of Standards and Technology (NIST) | @NIST |
| National Security Agency (NSA) | @NSAGov |
| Nestlé | @Nestle |
| Nokia | @nokia |
| NSW Police | @nswpolice |
| NTT Docomo | @docomo |
| O2 | @O2 |
| Orange | @orange |
| PGE | @PGE4Me |
| Pirelli | @Pirelli |
| PLDT | @pldt |
| Proximus | @proximus |
| QBE Insurance Group | @qbe |
| Safran | @SAFRAN |
| Santander | @bancosantander |
| Saudi Aramco | @aramco |
| Siemens | @Siemens |
| Sony | @Sony |
| Special Tribunal for Lebanon | @STLebanon |
| StarHub | @StarHub |
| stc | @stc |
| Sumitomo | @SumitomoCorpor1 |
| SWIFT | @SWIFTcommunity |
| Swissgrid | @swissgridag |
| T-Mobile | @TMobile |
| Takeda | @TakedaPharma |
| Telefónica | @Telefonica |
| Telenor | @TelenorGroup |
| Telkom | @TelkomZA |
| Telstra | @Telstra |
| Türkiye İş Bankası | @isbankasi |
| U.S. Cellular | @UScellular |
| U.S. Citizenship and Immigration Services (USCIS) | @USCIS |
| U.S. Customs and Border Protection (CBP) | @CBP |
| U.S. Department of Agriculture (USDA) | @USDA |
| U.S. Department of Energy — Idaho National Laboratory (INL) | @INL |
| U.S. Department of Homeland Security (DHS) | @DHSgov |
| UBS | @UBS |
| United Airlines | @united |
| United States Air Force (Air Mobility Command) | @AirMobilityCmd |
| United States Air Force (USAF) | @usairforce |
| United States Patent and Trademark Office (USPTO) | @uspto |
| United States Senate (Sergeant at Arms) | @SenateSAA |
| UPS | @UPS |
| Verizon | @Verizon |
| Vodafone | @VodafoneGroup
| Mizuho | No official X handle found |
| National Australia Bank | @nab |
| National Institute of Standards and Technology (NIST) | @NIST |
| National Security Agency (NSA) | @NSAGov |
| Nestlé | @Nestle |
| Nokia | @nokia |
| NSW Police | @nswpolice |
| NTT Docomo | @docomo |
| O2 | @O2 |
| Orange | @orange |
| PGE | @PGE4Me |
| Pirelli | @Pirelli |
| PLDT | @pldt |
| Proximus | @proximus |
| QBE Insurance Group | @qbe |
| Safran | @SAFRAN |
| Santander | @bancosantander |
| Saudi Aramco | @aramco |
| Siemens | @Siemens |
| Sony | @Sony |
| Special Tribunal for Lebanon | @STLebanon |
| StarHub | @StarHub |
| stc | @stc |
| Sumitomo | @SumitomoCorpor1 |
| SWIFT | @SWIFTcommunity |
| Swissgrid | @swissgridag |
| T-Mobile | @TMobile |
| Takeda | @TakedaPharma |
| Telefónica | @Telefonica |
| Telenor | @TelenorGroup |
| Telkom | @TelkomZA |
| Telstra | @Telstra |
| Türkiye İş Bankası | @isbankasi |
| U.S. Cellular | @UScellular |
| U.S. Citizenship and Immigration Services (USCIS) | @USCIS |
| U.S. Customs and Border Protection (CBP) | @CBP |
| U.S. Department of Agriculture (USDA) | @USDA |
| U.S. Department of Energy — Idaho National Laboratory (INL) | @INL |
| U.S. Department of Homeland Security (DHS) | @DHSgov |
| UBS | @UBS |
| United Airlines | @united |
| United States Air Force (Air Mobility Command) | @AirMobilityCmd |
| United States Air Force (USAF) | @usairforce |
| United States Patent and Trademark Office (USPTO) | @uspto |
| United States Senate (Sergeant at Arms) | @SenateSAA |
| UPS | @UPS |
| Verizon | @Verizon |
| Vodafone | @VodafoneGroup
12
This appears to be a significant breach based on the information obtained. Without access to the full archive, we cannot determine the full scope of the alleged breach. We have contacted Red Hat for comment.





