
The notorious ShinyHunters ransomware group is reportedly attempting to extort enterprise software giant Red Hat, having published samples of the stolen data on their own dark web data leak platform.
Earlier this month, a group of threat actors going by the name Crimson Collective said it stole nearly 570GB of compressed data across 28,000 internal development repositories. The stolen data included credentials, CI/CD secrets, pipeline configs, VPN profiles, and infrastructure blueprints.
According to International Cyber Digest (ICD), the stolen files include thousands of repositories referencing major banks, telecoms, airlines, and several public-sector organisations, including Citi, Verizon, Siemens, Bosch, JPMC, HSBC, Merrick Bank, Telstra, Telefonica, and the U.S. Senate.
Among the stolen data are nearly 800 Customer Engagement Reports (CERs), which often contain sensitive insights into a customer’s network and systems. These reports, typically prepared as part of consulting engagements, may include infrastructure diagrams, configuration details, access credentials, and other information that could be leveraged to infiltrate customer networks.
ICD added that the threat actor tried contacting Red Hat; however, the company ignored them and stopped communication.
Recently, BleepingComputer reported that shortly after the breach was disclosed, the threat actors Scattered Lapsus$ Hunters contacted Crimson Collective. Yesterday, the two groups announced a partnership to use the newly launched ShinyHunters data leak platform in an ongoing extortion campaign targeting Red Hat.
“On the 4th April 1949 was created the so big called NATO, but what if today’s new alliance was bigger than that ? But for a greater purpose, ruining corporations mind.
“What if, Crimson’s shininess extends even further away ?” reads the hacking group’s Telegram post.
“Regarding the current announcement regarding us, we are going to collaborate with ShinyHunter’s for the future attacks and releases,” the Crimson Collective group added.
Following the announcement, Red Hat has appeared on ShinyHunters’ new data-leak extortion platform, where the group has threatened to publish stolen data on October 10 if the company fails to negotiate a ransom.
© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543