Red Hat breach escalates as criminals collaborate on 'multi-terabyte' extortion plot

Red Hat's breach nightmare just got worse, as the Crimson Collective crew that claims to have ransacked its GitLab repos has joined forces with the ShinyHunters-linked "Scattered Lapsus$ Hunters" gang to turn the screw with a full-blown extortion campaign.

The trouble began last week when a criminal group calling itself the Crimson Collective claimed it had copied around 570 GB of compressed data from a GitLab environment used by Red Hat's consulting arm, allegedly including some 28,000 internal repositories and hundreds of Customer Engagement Reports (CERs) that contain detailed infrastructure diagrams, configuration files, and, in places, secrets such as access tokens. 

In messages seen by The Register, the group also said it found authentication tokens inside repos and reports, which it claimed to have already used to compromise downstream Red Hat customers. 

Red Hat last week confirmed to The Reg that the breach was related to a ...