International Cyber Digest
@IntCyberDigest
‼️🚨 Red Hat breached: Crimson Collective stole 28k private repositories, including credentials, CI/CD secrets, pipeline configs, VPN profiles, and infrastructure blueprints.

Our analysis of obtained data: 👇
Thread image
International Cyber Digest
@IntCyberDigest
The file tree includes thousands of repositories referencing major banks, telecoms, airlines, and public-sector organizations, such as Citi, Verizon, Siemens, Bosch, JPMC, HSBC, Merrick Bank, Telstra, Telefonica, and even mentions the U.S. Senate...
International Cyber Digest
@IntCyberDigest
What's in the file tree dump?

Inventories, hosts, Ansible playbooks, OpenShift install blueprints, CI/CD runners, VPN profiles, Quay/registry configs, Vault integrations, backups, and exported GitHub/GitLab configs.
International Cyber Digest
@IntCyberDigest
The threat actor attempted to contact Red Hat, and the reply is concerning...
Thread image
International Cyber Digest
@IntCyberDigest
Multiple staff were added to the ticket, visible to the threat actor, indicating an OpSec failure.
Thread image
International Cyber Digest
@IntCyberDigest
The threat actor told us that Red Hat is ignoring them and no longer responding to communication attempts.
International Cyber Digest
@IntCyberDigest
Some example files:
Thread image
Thread image
Thread image
International Cyber Digest
@IntCyberDigest
Some of the customers being mentioned in the file tree:

| Company | X Handle |
|---------|----------|
| 3M | @3M |
| Accenture | @Accenture |
| Adeo | No official X handle found |
| Adobe | @Adobe |
| ADP | @ADP |
| Alaska Airlines | @AlaskaAir |
| Ally | @Ally |
| Amadeus | @AmadeusITGroup |
| Amdocs | @Amdocs |
| American Express | @AmericanExpress |
| Arch Insurance | @ArchInsInt |
| Avangrid | @Avangrid |
| AXA | @AXA |
| Bank of America | @BankofAmerica |
| BBVA | @bbva |
| BNP Paribas | @BNPParibas |
| BNSF Railway | @BNSFRailway |
| Boeing | @Boeing |
| Bosch | @BoschGlobal |
| Capgemini | @Capgemini |
| Cisco | @Cisco |
| Citi | @Citi |
| Cummins | @Cummins |
| Deloitte | @Deloitte |
| Delta Air Lines | @Delta |
| DHL | @DHLGlobal |
| Ericsson | @ericsson |
| Experian | @Experian |
| Federal Aviation Administration (FAA) | @FAANews |
| Federal Emergency Management Agency (FEMA) | @fema |
| Finanz Informatik | @FI_FFM |
| Finastra | @FinastraFS |
| Garanti BBVA | @GarantiBBVA |
| HSBC | @HSBC |
| IBM | @IBM |
| IHG Hotels & Resorts | @IHGhotels |
| IKEA | @IKEA |
| Inditex | @Inditex |
| Injazat | @injazat |
| Isabel Group | No official X handle found |
| JPMorgan Chase | @jpmorgan |
| Karolinska University Hospital | @karolinskainst |
| Leidos | @LeidosInc |
| Lloyds Banking Group | @LBGplc |
| Marriott International | @MarriottIntl |
| Mavenir | @Mavenir |
| Merrick Bank | @merrickbank |
| Migros | @migros |
| Mizuho | No official X handle found |
| National Australia Bank | @nab |
| National Institute of Standards and Technology (NIST) | @NIST |
| National Security Agency (NSA) | @NSAGov |
| Nestlé | @Nestle |
| Nokia | @nokia |
| NSW Police | @nswpolice |
| NTT Docomo | @docomo |
| O2 | @O2 |
| Orange | @orange |
| PGE | @PGE4Me |
| Pirelli | @Pirelli |
| PLDT | @pldt |
| Proximus | @proximus |
| QBE Insurance Group | @qbe |
| Safran | @SAFRAN |
| Santander | @bancosantander |
| Saudi Aramco | @aramco |
| Siemens | @Siemens |
| Sony | @Sony |
| Special Tribunal for Lebanon | @STLebanon |
| StarHub | @StarHub |
| stc | @stc |
| Sumitomo | @SumitomoCorpor1 |
| SWIFT | @SWIFTcommunity |
| Swissgrid | @swissgridag |
| T-Mobile | @TMobile |
| Takeda | @TakedaPharma |
| Telefónica | @Telefonica |
| Telenor | @TelenorGroup |
| Telkom | @TelkomZA |
| Telstra | @Telstra |
| Türkiye İş Bankası | @isbankasi |
| U.S. Cellular | @UScellular |
| U.S. Citizenship and Immigration Services (USCIS) | @USCIS |
| U.S. Customs and Border Protection (CBP) | @CBP |
| U.S. Department of Agriculture (USDA) | @USDA |
| U.S. Department of Energy — Idaho National Laboratory (INL) | @INL |
| U.S. Department of Homeland Security (DHS) | @DHSgov |
| UBS | @UBS |
| United Airlines | @united |
| United States Air Force (Air Mobility Command) | @AirMobilityCmd |
| United States Air Force (USAF) | @usairforce |
| United States Patent and Trademark Office (USPTO) | @uspto |
| United States Senate (Sergeant at Arms) | @SenateSAA |
| UPS | @UPS |
| Verizon | @Verizon |
| Vodafone | @VodafoneGroup |
International Cyber Digest
@IntCyberDigest
This appears to be a significant breach based on the information obtained. Without access to the full archive, we cannot determine the full scope of the alleged breach. We have contacted Red Hat for comment.