Lawrence Abrams reports:
An extortion group calling itself the Crimson Collective claims to have stolen nearly 570GB of compressed data across 28,000 internal development respositories, with the company confirming it was a breach of one of its GitLab instances.
This data allegedly includes approximately 800 Customer Engagement Reports (CERs), which can contain sensitive information about a customer’s network and platforms.
A CER is a consulting document prepared for clients that often contains infrastructure details, configuration data, authentication tokens, and other information that could be abused to breach customer networks.
Red Hat confirmed that it suffered a security incident related to its consulting business, but would not verify any of the attacker’s claims regarding the stolen GitLab repositories and customer CERs.
Read more at Bleeping Computer.
A spokesperson for the hackers contacted DataBreaches yesterday to point this site to their account and information on the breach. As additional proof of claims, they provided this site with some additional details and what they claim is the CER for T-Mobile. DataBreaches has not yet submitted it to T-Mobile to ask them if they will verify it.
The spokesperson declined to discuss details of the incident or how much they were demanding. They also declined to answer when DataBreaches asked them if they were a re-brand of a previously known group or if they were a new group. When asked whether this site had ever reported on them before, they answered, “Maybe.”
As reported by Bleeping Computer, and as confirmed by this site, the hackers have already leaked some information, and claim that they gained access to some of the clients’ infrastructure as well. What they do next remains to be seen.