Page 184 - Red Hat PR REPORT - OCTOBER 2025
P. 184
10/8/25, 3:30 PM ShinyHunters joins Crimson Collective in coordinated extortion effort against Red Hat
The alliance, which also involves a group calling itself Scattered Lapsus$ Hunters, has begun
publishing samples of stolen Red Hat customer data, including sensitive Customer Engagement
Reports (CERs), on a new data leak site.
The breach, first disclosed last week, allegedly involves nearly 570GB of compressed data
exfiltrated from Red Hat's internal systems.
According to Crimson Collective, the stolen data spans 28,000 internal development repositories,
including about 800 Customer Engagement Reports (CERs) – documents that often contain detailed
information about clients' infrastructure, authentication systems, and network configurations.
Red Hat last week acknowledged the breach but sought to limit concerns, explaining that the
incident was confined to a GitLab environment used by Red Hat Consulting and not its public
GitHub repositories or core product systems.
The company said there is no evidence that its product build systems or hosted services were
affected.
Despite that reassurance, cybersecurity analysts warn the leak could pose a serious downstream risk
to Red Hat clients if the exposed CERs prove genuine.
An extortion alliance emerges
In a statement posted to its Telegram channel, Crimson Collective announced it has now joined
forces with Scattered Lapsus$ Hunters and ShinyHunters.
"On the 4th April 1949 was created the so big called NATO, but what if today's new alliance was
bigger than that? But for a greater purpose, ruining corporations mind," the message reads.
"What if, Crimson's shininess extends even further away?"
The groups declared that their new coalition will coordinate future attacks and data releases through
ShinyHunters' newly launched data leak and extortion platform.
https://www.computing.co.uk/news/2025/security/shiny-hunters-crimson-collective-red-hat-extortion 2/4
