10/8/25, 3:34 PM                         Shinyhunters Extorts Red Hat Over Stolen CER Data - Dataconomy








                        Shinyhunters extorts Red Hat over
                        Shinyhunters extorts Red Hat over

                                             stolen CER data
                                             stolen CER data


             Red Hat faces extortion after 570GB of internal data and 800 customer reports were stolen, with ShinyHunters setting an October
                                                       10 ransom deadline.
                                                by Aytun Çelebi   October 7, 2025  in Cybersecurity











           Enterprise software company Red Hat is the target of an extortion campaign by the
           ShinyHunters group following a data breach. The incident, first claimed by a group called the
           Crimson Collective, involves stolen customer reports and has led to a new collaboration
           between the hacking organizations.

           The initial breach and stolen data


           The breach was announced last week when the Crimson Collective claimed it had stolen nearly
           570 gigabytes of compressed data from 28,000 of Red Hat’s internal development repositories.
           A key part of the stolen data is said to be approximately 800 Customer Engagement Reports
           (CERs). These documents are highly sensitive as they can contain specific details about a
           customer’s network architecture, IT infrastructure, and operational platforms.
           The attackers stated they attempted to contact Red Hat for a ransom payment but received no
           response. Red Hat later confirmed it had experienced a security incident, specifying that the
           breach was limited to a GitLab instance used by its consulting division for customer engagement
           work.

                                Stay Ahead of the Curve!
            Don't miss out on the latest insights, trends, and analysis in the world of data, technology, and
           startups. Subscribe to our newsletter and get exclusive content delivered straight to your inbox.

                                        Subscribe Now

           Escalation through a new alliance

           The situation escalated when Crimson Collective announced a partnership with another group,
           Scattered Lapsus$ Hunters, to leverage the newly launched ShinyHunters data leak site for their
           extortion efforts. In a post on its Telegram channel, Crimson Collective hinted at the alliance.

             “What if, Crimson’s shininess extends even further away?”

           The group later confirmed the collaboration, stating they would work with ShinyHunters on future
           attacks and data releases.

           Following this, an entry for Red Hat appeared on the ShinyHunters data leak and extortion
           website. The post serves as a public warning, setting a deadline of October 10th for a ransom to
           be negotiated directly with ShinyHunters. To prove their claims, the attackers released samples
      https://dataconomy.com/2025/10/07/shinyhunters-extorts-red-hat-over-stolen-cer-data/                          1/2