Red Hat reveals unauthorized access to a GitLab instance where internal data was copied
Crimson Collective has claimed the attack, saying it has accessed more than 28,000 Red Hat repositories


Open source software firm Red Hat has been hacked, with extortion group Crimson Collective claiming it has exfiltrated more than 570GB of data.
Red Hat has confirmed the incident, which it said related to a specific GitLab environment used by the Red Hat Consulting team.
"We recently detected unauthorized access to a GitLab instance used for internal Red Hat Consulting collaboration in select engagements," it said in a statement.
"Upon detection, we promptly launched a thorough investigation, removed the unauthorized party's access, isolated the instance, and contacted the appropriate authorities. Our investigation, which is ongoing, found that an unauthorized third party had accessed and copied some data from this instance."
The compromised GitLab instance housed consulting engagement data, which, the firm said, could include Red Hat's project specifications, example code snippets, and internal communications about consulting services.
However, it said, this particular GitLab instance doesn't typically house sensitive personal data, and there's no indication that any has been accessed. And there was no sign, it said, that the incident had affected any of its other services or products, including its software supply chain or downloads of Red Hat software from official channels.
Red Hat said it had now implemented additional hardening measures designed to help prevent further access and contain the issue.
"If you are not a Red Hat Consulting customer, there is currently no evidence that you have been affected by this incident," it said. "We are engaging directly with any customers who may be impacted."
The Crimson Collective
The attack has been claimed by a little-known group called Crimson Collective, which said on its Telegram channel that it had exfiltrated data from more than 28,000 internal repositories.
These, it said, included client documents, Customer Engagement Reports (CERs), that could hold details of infrastructure, configuration data, authentication tokens, and full database Uniform Resource Identifiers (URIs).
"These consulting reports contain detailed information about how these companies' networks and systems are set up, including network designs, passwords, tokens used for system access, and other technical details," said Aras Nazarovas, a senior information security researcher at Cybernews.
"For hackers, these documents are pretty much golden – a step-by-step map showing exactly how the affected companies' computer systems are built and connected – reconnaissance is no longer needed."
According to International Cyber Digest, the repositories reference major banks, telecoms firms and airlines, along with Citi, Verizon, Siemens, Bosch, JPMC, HSBC, Merrick Bank, Telstra, Telefonica, and even the US Senate.
The Centre for Cybersecurity Belgium (CCB) has issued a warning.
"The Centre for Cybersecurity Belgium (CCB) assesses this breach poses a high risk for Belgian organisations that used Red Hat Consulting services or shared sensitive information (e.g., credentials, tokens, network data) with Red Hat," it said. "There is also potential supply chain impact if your service providers or IT partners worked with Red Hat Consulting."
It recommended that Red Hat customers revoke and rotate all tokens, keys, and credentials shared with Red Hat or used in integrations; check with their IT providers or partners whether they have used Red Hat Consulting, and assess potential exposure; and ramp up the monitoring of authentication events, API calls, and system access for anomalies.
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.