Red Hat data breach escalates as ShinyHunters joins extortion – BleepingComputer
Enterprise software giant Red Hat is now being extorted by the ShinyHunters gang, with samples of stolen customer engagement reports (CERs) leaked on their data leak site.
News of the Red Hat data breach broke last week when a hacking group known as the Crimson Collective claimed to have stolen nearly 570GB of compressed data across 28,000 internal development repositories.
This data allegedly includes approximately 800 Customer Engagement Reports (CERs), which can contain sensitive information about a customer’s network, infrastructure, and platforms.
The threat actors claimed to have attempted to extort Red Hat into paying a ransom to prevent the public disclosure of the data, but received no response.
Red Hat later confirmed to BleepingComputer that the breach affected its GitLab instance, which was used solely for Red Hat Consulting on consulting engagements.
Soon after the breach was disclosed, threat actors known as Scattered Lapsus$ Hunters sought to make contact with Crimson Collective.
Yesterday, Crimson Collective announced that it had partnered with Scattered Lapsus$ Hunters to utilize the newly launched ShinyHunters data leak site to continue their extortion attempts against Red Hat.
“On the 4th April 1949 was created the so big called NATO, but what if today’s new alliance was bigger than that ? But for a greater purpose, ruining corporations mind,” reads a post to the hacking group’s Telegram channel.
“What if, Crimson’s shininess extends even further away ?”
“Regarding the current announcement regarding us, we are going to collaborate with ShinyHunter’s for the future attacks and releases,” the Crimson Collective threat actors told BleepingComputer.
In coordination with the announcement, a Red Hat entry has now appeared on a new ShinyHunters data leak extortion site, warning the company that data would be publicly leaked on October 10th if a ransom demand was not negotiated with ShinyHunters.
In addition, the threat actors released samples of the stolen CERs, including those for Walmart, HSBC, Bank of Canada, Atos Group, American Express, Department of Defence, and Société Française du Radiotéléphone.
BleepingComputer contacted Red Hat about this development but did not receive a response.
For months, BleepingComputer has surmised that ShinyHunters was acting as an extortion-as-a-service (EaaS) operation, in which it works with threat actors to extort a company in exchange for a share of the extortion demand, similar to how ransomware-as-a-service gangs operate.
This theory was based on the numerous attacks conducted by various threat actors, all of which were extorted under the ShinyHunters name, including those targeting Oracle Cloud and PowerSchool.
Conversations with ShinyHunters further supported this theory, as the group has previously claimed not to be behind a particular breach but rather just acting as a broker of the stolen data.
Furthermore, there have been numerous arrests of individuals associated with the name “ShinyHunters” over the years, including those linked to the Snowflake data theft attacks, breaches at PowerSchool, and the operation of the Breached v2 hacking forum.
However, even after these arrests, new attacks occur with companies receiving extortion emails stating, “We are ShinyHunters”.
Today, ShinyHunters told BleepingComputer that they have been privately operating as an EaaS, where they take a revenue share from any extortion payments generated for other threat actors’ attacks.
“Everyone i’ve worked with in the past have taken 70 or 75% and I receive a 25-30%,” claimed the threat actor.
With the launch of the ShinyHunters data leak site, it appears that the threat actor is now publicly operating the extortion service.
In addition to Red Hat, ShinyHunters is also extorting S&P Global on behalf of another threat actor that claimed to breach the company in February 2025.
BleepingComputer had contacted S&P Global at the time about the alleged breach, but was told that the claims were false and that the company was not breached.
However, the threat actors have now released samples of data on the data leak site, claiming they were stolen during the attack, and have also set an October 10th deadline.
When BleepingComputer contacted S&P Global again today regarding its inclusion on the data leak site, the company decided not to comment on the claims.
“We don’t comment on such claims. We note that as a US listed company, we are required to publicly disclose material cybersecurity incidents,” S&P Global told BleepingComputer.
This is a newsfeed from leading technology publications. No additional editorial review has been performed before posting.

