
Red Hat Hit Hard: ShinyHunters Escalate Ongoing Data Breach Threat

johny899

It appears that the situation has gone from bad to worse for Red Hat with a major data breach and a hacker group called ShinyHunters getting involved to make matters even more serious.

What Happened to Red Hat

A hacker group called the Crimson Collective claims to have hacked Red Hat and stolen approximately 570 gigabytes of data from around 28,000 folders related to internal projects. This is a vast amount of data!

In addition to the stolen files, the data breach included around 800 files called Customer Engagement Reports, or "CERs", which usually have details related to systems, client configurations, and even network designs. In short, these files contain vertically valuable business data companies do not want to get out to the public.

Red Hat later confirmed the hackers broke into a GitLab server owned by Red Hat. GitLab is the code, project, and task management software used by Red Hat's consulting practice.

Red Hat claims that the breach affected only consulting information, and not production services for customers. While this is good news, it is still bad news.

The hackers subsequently requested ransom payments. They apprised Red Hat that if they did not pay, they would release the stolen data in PunkSpider. When Red Hat did not respond to the ransom demands, the hackers escalated their actions.

ShinyHunters to the Rescue

This is when the ShinyHunters group came in. Crimson Collective reached out to ShinyHunters to handle the extortion piece — basically, the threat to release the data if Red Hat did not pay.

ShinyHunters operates a prominent data leak site, and like others, they uploaded a portion of the hacked files to their site to add credibility. The types of files they provided samples for included documentation regarding Walmart, HSBC, the Bank of Canada, American Express, and even a defense department in the Quebec government. Super.

They indicated to Red Hat they had until October 10 to discuss the data leak, or they would leak more.

This demonstrates how ShinyHunters acts as a "middleman" for extortion, helping some other hacking groups to monetize stolen data, taking a portion of that ransom themselves when the hacking groups have hacked companies before (even in high-profile cases).

Why This Matters

This breach is not merely a breach of Red Hat; it illustrates how cyberattacks are evolving and changing. Hacking groups now collaborate and share tooling, and have initiated pseudo-ransomware business models.

If troves of internal data from Red Hat's systems are leaked to the public, they can be utilized to:

• Conduct attacks on Red Hat's customers,
• Identify vulnerabilities in corporate networks,
• Build fraudulent or malicious tools emulating Red Hat tooling.

It is also a reminder that whether now, or relegated to the past, ALL companies need to appreciate the fact that no company is 100 percent invulnerable or impervious to hacking and attacks online.

What Companies Should Do

If I were Red Hat (or I had the same role in any organization implicated in this breach), I would do this quickly:

1. Communicate to customers (clearly) as to what happened and what is being done about it.
2. Conduct sweeps of systems and access log reviews for further breaches.
3. Engage in online searches and monitoring for exposed data.
4. Engage with law enforcement and cyber security firms.
5. Implement new measures in conjunction with the internal system to ensure it does not occur moving forward.