‼️🚨 Red Hat breached: Crimson Collective stole 28k private repositories, including credentials, CI/CD secrets, pipeline configs, VPN profiles, and infrastructure blueprints.
Our analysis of obtained data: 👇

The file tree includes thousands of repositories referencing major banks, telecoms, airlines, and public-sector organizations, such as Citi, Verizon, Siemens, Bosch, JPMC, HSBC, Merrick Bank, Telstra, Telefonica, and even mentions the U.S. Senate...
What's in the file tree dump?
Inventories, hosts, Ansible playbooks, OpenShift install blueprints, CI/CD runners, VPN profiles, Quay/registry configs, Vault integrations, backups, and exported GitHub/GitLab configs.
Inventories, hosts, Ansible playbooks, OpenShift install blueprints, CI/CD runners, VPN profiles, Quay/registry configs, Vault integrations, backups, and exported GitHub/GitLab configs.
The threat actor attempted to contact RedHat, and the reply is concerning...

Multiple staff were added to the ticket, visible to the threat actor, indicating an OpSec failure.

The threat actor told us that Red Hat is ignoring them and no longer responding to communication attempts.
Some example files:



Some of the customers being mentioned in the file tree:
| Company | X Handle |
|---------|----------|
| 3M | @3M |
| Accenture | @Accenture |
| Adeo | No official X handle found |
| Adobe | @Adobe |
| ADP | @ADP |
| Alaska Airlines | @AlaskaAir |
| Ally | @Ally |
| Amadeus | @AmadeusITGroup |
| Amdocs | @Amdocs |
| American Express | @AmericanExpress |
| Arch Insurance | @ArchInsInt |
| Avangrid | @Avangrid |
| Company | X Handle |
|---------|----------|
| 3M | @3M |
| Accenture | @Accenture |
| Adeo | No official X handle found |
| Adobe | @Adobe |
| ADP | @ADP |
| Alaska Airlines | @AlaskaAir |
| Ally | @Ally |
| Amadeus | @AmadeusITGroup |
| Amdocs | @Amdocs |
| American Express | @AmericanExpress |
| Arch Insurance | @ArchInsInt |
| Avangrid | @Avangrid |
| AXA | @AXA |
| Bank of America | @BankofAmerica |
| BBVA | @bbva |
| BNP Paribas | @BNPParibas |
| BNSF Railway | @BNSFRailway |
| Boeing | @Boeing |
| Bosch | @BoschGlobal |
| Capgemini | @Capgemini |
| Cisco | @Cisco |
| Citi | @Citi |
| Cummins | @Cummins |
| Deloitte | @Deloitte |
| Delta Air Lines | @Delta |
| DHL | @DHLGlobal |
| Bank of America | @BankofAmerica |
| BBVA | @bbva |
| BNP Paribas | @BNPParibas |
| BNSF Railway | @BNSFRailway |
| Boeing | @Boeing |
| Bosch | @BoschGlobal |
| Capgemini | @Capgemini |
| Cisco | @Cisco |
| Citi | @Citi |
| Cummins | @Cummins |
| Deloitte | @Deloitte |
| Delta Air Lines | @Delta |
| DHL | @DHLGlobal |
| Ericsson | @ericsson |
| Experian | @Experian |
| Federal Aviation Administration (FAA) | @FAANews |
| Federal Emergency Management Agency (FEMA) | @fema |
| Finanz Informatik | @FI_FFM |
| Finastra | @FinastraFS |
| Garanti BBVA | @GarantiBBVA |
| HSBC | @HSBC |
| IBM | @IBM |
| IHG Hotels & Resorts | @IHGhotels |
| IKEA | @IKEA |
| Inditex | @Inditex |
| Injazat | @injazat |
| Isabel Group | No official X handle found |
| JPMorgan Chase | @jpmorgan |
| Karolinska University Hospital | @karolinskainst |
| Leidos | @LeidosInc |
| Lloyds Banking Group | @LBGplc |
| Marriott International | @MarriottIntl |
| Mavenir | @Mavenir |
| Merrick Bank | @merrickbank |
| Experian | @Experian |
| Federal Aviation Administration (FAA) | @FAANews |
| Federal Emergency Management Agency (FEMA) | @fema |
| Finanz Informatik | @FI_FFM |
| Finastra | @FinastraFS |
| Garanti BBVA | @GarantiBBVA |
| HSBC | @HSBC |
| IBM | @IBM |
| IHG Hotels & Resorts | @IHGhotels |
| IKEA | @IKEA |
| Inditex | @Inditex |
| Injazat | @injazat |
| Isabel Group | No official X handle found |
| JPMorgan Chase | @jpmorgan |
| Karolinska University Hospital | @karolinskainst |
| Leidos | @LeidosInc |
| Lloyds Banking Group | @LBGplc |
| Marriott International | @MarriottIntl |
| Mavenir | @Mavenir |
| Merrick Bank | @merrickbank |
|Migros | @migros |
| Mizuho | No official X handle found |
| National Australia Bank | @nab |
| National Institute of Standards and Technology (NIST) | @NIST |
| National Security Agency (NSA) | @NSAGov |
| Nestlé | @Nestle |
| Nokia | @nokia |
| NSW Police | @nswpolice |
| NTT Docomo | @docomo |
| O2 | @O2 |
| Orange | @orange |
| PGE | @PGE4Me |
| Pirelli | @Pirelli |
| PLDT | @pldt |
| Proximus | @proximus |
| QBE Insurance Group | @qbe |
| Safran | @SAFRAN |
| Santander | @bancosantander |
| Saudi Aramco | @aramco |
| Siemens | @Siemens |
| Sony | @Sony |
| Special Tribunal for Lebanon | @STLebanon |
| StarHub | @StarHub |
| stc | @stc |
| Sumitomo | @SumitomoCorpor1 |
| SWIFT | @SWIFTcommunity |
| Swissgrid | @swissgridag |
| T-Mobile | @TMobile |
| Takeda | @TakedaPharma |
| Telefónica | @Telefonica |
| Telenor | @TelenorGroup |
| Telkom | @TelkomZA |
| Telstra | @Telstra |
| Türkiye İş Bankası | @isbankasi |
| U.S. Cellular | @UScellular |
| U.S. Citizenship and Immigration Services (USCIS) | @USCIS |
| U.S. Customs and Border Protection (CBP) | @CBP |
| U.S. Department of Agriculture (USDA) | @USDA |
| U.S. Department of Energy — Idaho National Laboratory (INL) | @INL |
| U.S. Department of Homeland Security (DHS) | @DHSgov |
| UBS | @UBS |
| United Airlines | @united |
| United States Air Force (Air Mobility Command) | @AirMobilityCmd |
| United States Air Force (USAF) | @usairforce |
| United States Patent and Trademark Office (USPTO) | @uspto |
| United States Senate (Sergeant at Arms) | @SenateSAA |
| UPS | @UPS |
| Verizon | @Verizon |
| Vodafone | @VodafoneGroup
| Mizuho | No official X handle found |
| National Australia Bank | @nab |
| National Institute of Standards and Technology (NIST) | @NIST |
| National Security Agency (NSA) | @NSAGov |
| Nestlé | @Nestle |
| Nokia | @nokia |
| NSW Police | @nswpolice |
| NTT Docomo | @docomo |
| O2 | @O2 |
| Orange | @orange |
| PGE | @PGE4Me |
| Pirelli | @Pirelli |
| PLDT | @pldt |
| Proximus | @proximus |
| QBE Insurance Group | @qbe |
| Safran | @SAFRAN |
| Santander | @bancosantander |
| Saudi Aramco | @aramco |
| Siemens | @Siemens |
| Sony | @Sony |
| Special Tribunal for Lebanon | @STLebanon |
| StarHub | @StarHub |
| stc | @stc |
| Sumitomo | @SumitomoCorpor1 |
| SWIFT | @SWIFTcommunity |
| Swissgrid | @swissgridag |
| T-Mobile | @TMobile |
| Takeda | @TakedaPharma |
| Telefónica | @Telefonica |
| Telenor | @TelenorGroup |
| Telkom | @TelkomZA |
| Telstra | @Telstra |
| Türkiye İş Bankası | @isbankasi |
| U.S. Cellular | @UScellular |
| U.S. Citizenship and Immigration Services (USCIS) | @USCIS |
| U.S. Customs and Border Protection (CBP) | @CBP |
| U.S. Department of Agriculture (USDA) | @USDA |
| U.S. Department of Energy — Idaho National Laboratory (INL) | @INL |
| U.S. Department of Homeland Security (DHS) | @DHSgov |
| UBS | @UBS |
| United Airlines | @united |
| United States Air Force (Air Mobility Command) | @AirMobilityCmd |
| United States Air Force (USAF) | @usairforce |
| United States Patent and Trademark Office (USPTO) | @uspto |
| United States Senate (Sergeant at Arms) | @SenateSAA |
| UPS | @UPS |
| Verizon | @Verizon |
| Vodafone | @VodafoneGroup
This appears to be a significant breach based on the information obtained. Without access to the full archive, we cannot determine the full scope of the alleged breach. We have contacted Red Hat for comment.
Generated by Thread Navigator
Press ⌘ + S to quick-export
