An extortion group calling itself the Crimson Collective claims to have breached Red Hat’s private GitHub repositories, stealing nearly 570GB of compressed data across 28,000 internal projects.
This data allegedly includes approximately 800 Customer Engagement Reports (CERs), which can contain sensitive information about a customer’s network and platforms.
A CER is a consulting document prepared for clients that often contains infrastructure details, configuration data, authentication tokens, and other information that could be abused to breach customer networks.
Red Hat confirmed that it suffered a security incident related to its consulting business, but would not verify any of the attacker’s claims regarding the stolen GitHub repositories and customer CERs.
“Red Hat is aware of reports regarding a security incident related to our consulting business and we have initiated necessary remediation steps,” Red Hat told BleepingComputer.
“The security and integrity of our systems and the data entrusted to us are our highest priority. At this time, we have no reason to believe the security issue impacts any of our other Red Hat services or products and are highly confident in the integrity of our software supply chain.”
While Red Hat did not respond to any further questions about the breach, the hackers told BleepingComputer that the intrusion occurred approximately two weeks ago.
They allegedly found authentication tokens, full database URIs, and other private information in Red Hat code and CERs, which they claimed to use to gain access to downstream customer infrastructure.
The hacking group also published a complete directory listing of the allegedly stolen GitHub repositories and a list of CERs from 2020 through 2025 on Telegram.
The directory listing of CERs includes a wide range of sectors and well-known organizations such as Bank of America, T-Mobile, AT&T, Fidelity, Kaiser, Mayo Clinic, Walmart, Costco, the U.S. Navy’s Naval Surface Warfare Center, Federal Aviation Administration, the House of Representatives, and many others.
The hackers stated that they attempted to contact Red Hat with an extortion demand but received no response other than a templated reply instructing them to submit a vulnerability report to their security team.
According to them, the created ticket was repeatedly assigned to additional people, including Red Hat’s legal and security staff members.
BleepingComputer sent Red Hat additional questions, and we will update this story if we receive more information.
The same group also claimed responsibility for briefly defacing Nintendo’s topic page last week to include contact information and links to their Telegram channel.




