Attackers copied customer data from Red Hat GitLab instance

Attackers had access to a Red Hat GitLab instance and were thus able to access sensitive data. Those responsible assure us that the attackers have since been removed from the system, but they were able to copy customer data.

Official statement

Red Hat confirms the incident in a post. They state that the attackers had access to a GitLab instance of the consulting team. The attackers are said to have copied customer data, including code extracts, internal communications and certain business data. The affected customers are currently being contacted by the software manufacturer.

Red Hat assures that the security incident does not affect any of its products and services. The software supply chain is intact and downloads from official sources are secure. Accounts and platforms have not been compromised, according to the company. It is currently not known how the attack took place. Investigations are still ongoing. Red Hat customers include AT&T, T-Mobile, and Walmart.

This is what the attackers claim

According to media reports, for example on the IT news website Bleepingcomputer, the criminals from Crimson Collective are behind the attack. In a Telegram messenger group, they claim to have copied 570 GB of data. According to them, this primarily includes customer engagement reports (CERs), which can contain details on network infrastructures and access tokens, among other things.

The attackers claim to want to blackmail Red Hat. However, their contact was only answered with an automated email to submit discovered security vulnerabilities. No further details on the case are currently available.

(des)