Cybercrims claim raid on 28,000 Red Hat repos, say they have sensitive customer files

A hacking crew claims to have broken into Red Hat's private GitHub repositories, exfiltrating some 570GB of compressed data, including sensitive documents belonging to customers. 

An extortion group calling itself "the Crimson Collective" posted on Telegram that it accessed more than 28,000 internal repos and stole hundreds of Customer Engagement Reports (CERs) in messages seen by The Register. These consultancy documents typically contain architecture diagrams, configuration details, authentication tokens, and network maps – effectively a blueprint of a customer's IT environment. 

The attackers have published file listings and shared samples of the supposed loot. Materials seen by us include configuration snippets, database connection strings, and references to customer systems that match the kind of content typically found in CERs. The crew claims the reports span 2020–2025 and involve major organizations in banking, telecoms and government.

Alongside the documents, the group also asserts it found authentication tokens inside ...