Overview
- The Crimson Collective claims it exfiltrated about 570 GB from a Red Hat Consulting GitLab instance, spanning roughly 28,000 internal repositories and around 800 Customer Engagement Reports (CERs).
- Reporters who viewed samples describe configuration snippets, database connection strings, and references to customer systems consistent with sensitive consulting artifacts.
- The group posted a file tree, CER lists, and screenshots on Telegram, with listings referencing major organizations including banks, telecoms, retailers, and U.S. government bodies.
- The hackers say they found authentication tokens and assert they used some to access client infrastructure, and they claim an extortion attempt drew only an automated response from Red Hat.
- Red Hat acknowledged a consulting-related security incident and initiated remediation but has not verified the attackers’ detailed claims, and outlets corrected early reports to note the affected platform was GitLab.