10/17/25, 10:08 AM                      Red Hat Breach Exposes 5000+ High Profile Enterprise Customers at Risk


























        LAPSUS$ Connection Emerges


        Security researcher Kevin Beaumont have identified crashing similarities between this attack and
        previous LAPSUS$ operations, particularly through technical artifacts and behavioral patterns.

        The breach exhibits characteristic LAPSUS$ signatures, including specific file naming conventions, HTML
        comment structures containing casual references, and the targeting of organizations previously victimized by
        the group.




























        Red Hat Listed on LAPSUS$ Hunters Portal
        Most notably, investigators discovered that “Miku,” allegedly the Telegram handle used by Crimson
        Collective, corresponds to Thalha Jubair, a UK teenager associated with LAPSUS$ who was recently
        charged by the National Crime Agency for the Transport for London cyberattack.

        The timeline indicates the Red Hat compromise occurred on September 13, 2025, prior to Jubair’s arrest,
        raising questions about operational security within custody arrangements.










      https://cybersecuritynews.com/red-hat-breach/                                                                 3/6