
Crimson Collective


The Crimson Collective is a cybercrime group that claimed to have compromised Red Hat's private GitHub repositories in September 2025. The group asserted it had stolen 570GB of data from Red Hat's private GitHub repositories, including 28,000 projects and approximately 800 Customer Engagement Reports (CERs) containing sensitive network data. CERs often contain sensitive information including infrastructure details, configurations, and tokens that attackers could exploit to target customers' networks. The group shared proof of the breach on a Telegram channel, including a full file tree, CER list, and screenshots. The U.S.-based multinational software company confirmed the data breach but did not verify the Crimson Collective's claims. The group also claimed to have gained access to some of Red Hat's client infrastructure and stated they had warned the company but were ignored.


Associated Families

There are currently no families associated with this actor.


References
2025-10-03 | Techzine | Erik van Klinken
What we know so far about Red Hat’s GitLab instance breach
Crimson Collective
2025-10-02 | CyberSecurityNews | Guru Baran
Red Hat Data Breach – Threat Actors Claim Breach of 28K Private GitHub Repositories
Crimson Collective
2025-10-02 | Security Affairs | Pierluigi Paganini
Cybercrime group claims to have breached Red Hat’s private GitHub repositories
Crimson Collective

Credits: MISP Project