{ "id": "e549b13d-673d-44e2-90a5-8410b72a163d", "created_at": "2026-04-06T00:09:09.070059Z", "updated_at": "2026-04-10T13:12:09.393578Z", "deleted_at": null, "sha1_hash": "26037988f2a71f44567a0066c80466904d78dbda", "title": "Cybercrime group claims to have breached Red Hat 's private GitHub repositories", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 573134, "plain_text": "Cybercrime group claims to have breached Red Hat 's private\r\nGitHub repositories\r\nBy Pierluigi Paganini\r\nPublished: 2025-10-02 · Archived: 2026-04-05 16:56:35 UTC\r\nThe cybercrime group calling itself the Crimson Collective claimed to have\r\ncompromised Red Hat ‘s private GitHub repositories.\r\nThe Crimson Collective claimed it had stolen 570GB from Red Hat ’s private GitHub repositories, including\r\n28,000 projects and approximately 800 Customer Engagement Reports (CERs) with sensitive network data. CERs\r\noften contain sensitive info, including infrastructure details, configurations, and tokens that attackers could exploit\r\nto target customers’ networks.\r\nThe U.S.-based multinational software company confirmed the data breach, but did not verify Crimson Collective.\r\nOn September 24, 2025, the threat actors shared on a Telegram channel a full file tree, CER list, and screenshots\r\nas proof of the security breach.\r\nhttps://securityaffairs.com/182866/data-breach/cybercrime-group-claims-to-have-breached-red-hat-s-private-github-repositories.html\r\nPage 1 of 2\n\n“Btw gained access to some of their client’s infrastructure as well, already warned them but yeah they preferred\r\nignoring us,” the Crimson Collective wrote on Telegram.\r\nThe file tree includes thousands of repositories referencing major banks, telecoms, airlines, and public-sector\r\norganizations, such as Citi, Verizon, Siemens, Bosch, JPMC, HSBC, Merrick Bank, Telstra, Telefonica, and even\r\nmentions the U.S. Senate.\r\nThe threat actor also shared evidence of their attempt to contact RedHat.\r\nRed Hat said protecting systems and data is a top priority, adding the incident doesn’t affect its other services or\r\nproducts, and its supply chain remains secure.\r\n“Red Hat is aware of reports regarding a security incident related to our consulting business and we have\r\ninitiated necessary remediation steps,” Red Hat told BleepingComputer.\r\n“The security and integrity of our systems and the data entrusted to us are our highest priority. At this time, we\r\nhave no reason to believe the security issue impacts any of our other Red Hat services or products and are highly\r\nconfident in the integrity of our software supply chain.”\r\nFollow me on Twitter: @securityaffairs and Facebook and Mastodon\r\nPierluigi Paganini\r\n(SecurityAffairs – hacking, data breach)\r\nSource: https://securityaffairs.com/182866/data-breach/cybercrime-group-claims-to-have-breached-red-hat-s-private-github-repositories.html\r\nhttps://securityaffairs.com/182866/data-breach/cybercrime-group-claims-to-have-breached-red-hat-s-private-github-repositories.html\r\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "MISPGALAXY", "Malpedia" ], "origins": [ "web" ], "references": [ "https://securityaffairs.com/182866/data-breach/cybercrime-group-claims-to-have-breached-red-hat-s-private-github-repositories.html" ], "report_names": [ "cybercrime-group-claims-to-have-breached-red-hat-s-private-github-repositories.html" ], "threat_actors": [ { "id": "93d94f09-e09e-4597-b926-3417f8dc77c8", "created_at": "2025-10-05T02:00:04.681998Z", "updated_at": "2026-04-10T02:00:03.891223Z", "deleted_at": null, "main_name": "Crimson Collective", "aliases": [], "source_name": "MISPGALAXY:Crimson Collective", "tools": [], "source_id": "MISPGALAXY", "reports": null } ], "ts_created_at": 1775434149, "ts_updated_at": 1775826729, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/26037988f2a71f44567a0066c80466904d78dbda.pdf", "text": "https://archive.orkl.eu/26037988f2a71f44567a0066c80466904d78dbda.txt", "img": "https://archive.orkl.eu/26037988f2a71f44567a0066c80466904d78dbda.jpg" } }