Red Hat Investigating Breach Impacting as Many as 28,000 Customers, Including the Navy and Congress
A hacking group claims to have pulled data from a GitLab instance connected to Red Hat’s consulting business, scooping up 570 GB of compressed data from 28,000 customers.
The hack was first reported by BleepingComputer and has been confirmed by Red Hat itself. “Red Hat is aware of reports regarding a security incident related to our consulting business and we have initiated necessary remediation steps,” Stephanie Wonderlick, Red Hat’s VP of communications, told 404 Media.
A file released by the hackers and viewed by 404 Media suggested that the hacking group may have acquired some data related to about 800 clients, including Vodafone, T-Mobile, the US Navy’s Naval Surface Warfare Center, the Federal Aviation Administration, Bank of America, AT&T, the U.S. House of Representatives, and Walmart.
“The security and integrity of our systems and the data entrusted to us are our highest priority,” she said. “At this time, we have no reason to believe the security issue impacts any of our other Red Hat services or products and are highly confident in the integrity of our software supply chain.”
Red Hat is an open source software company that provides Linux-based enterprise software to a vast number of companies. As part of its business, Red Hat sells consulting contracts to users to help maintain their IT infrastructure. A hacking group that calls itself the Crimson Collective claims it breached a Red Hat GitLab repository that contained information related to Red Hat’s consulting clients.
“Since RedHat doesn't want to answer to us,” the hackers wrote in a channel on Telegram viewed by 404 Media, suggesting they have attempted to contact Red Hat. “Over 28000 repositories were exported, it includes all their customer's CERs [customer engagement reports] and analysis of their infra' [infrastructure] + their other dev's private repositories, this one will be fun,” the message added. A CER is an internal document consultancy firms use to understand how their clients interact with their business. For an IT firm like Red Hat, this kind of document would contain a lot of information about a client's tech infrastructure including configuration data, network maps, and information about authentication tokens. A CER could help someone breach a network.
Do you know anything else about this story? I would love to hear from you. Using a non-work device, you can message me securely on Signal at +1 347 762-9212 or send me an email at matthew@404media.co.
“We have given them too much time already to answer lol instead of just starting a discussion they kept ignoring the emails,” the message added. In another message, the group said it had “gained access to some of their clients' infrastructure as well, already warned them but yeah they preferred ignoring us.”
404 Media viewed data related to the breach and attempted to contact some of the affected clients, including the US Navy’s Naval Surface Warfare Center in Panama City and T-Mobile, but did not hear back.
Joseph Cox contributed additional reporting to this article.
Correction: this piece has been updated to say that the breach impacted a Red Hat GitLab, not a GitHub.