Hackers Join Forces in Red Hat Extortion via Gitlab Hack

Two groups of cybercriminals are joining forces against Red Hat. They are extorting the company and threatening attacks on customers if their demands are not met.

The previously confirmed hack of a self-hosted Gitlab environment belonging to Red Hat’s consulting division is threatening to have far-reaching consequences. The so-called Crimson Collective, which claims responsibility for the initial breach and the theft of 570 GB of data, is joining forces with the Scattered Lapsus$ Hunters, another criminal gang.

Sensitive Customer Data

The cybercriminals have stolen a significant amount of customer data via Red Hat’s Gitlab environment. This includes data from approximately 28,000 repositories and hundreds of Customer Engagement Reports containing detailed customer information. Secrets such as tokens were also among the stolen data.

The hackers accuse Red Hat of negligence regarding customer data. Since Red Hat itself hosts a community version of Gitlab, it is responsible for its security. The attackers claim they gained access to the data on September 13.

Extortion

They are now demanding money from Red Hat and are giving the company until October 10 to comply. If Red Hat pays, the criminals promise they will not directly attack Red Hat customers using the stolen data.

If the open-source specialist does not meet the demands, the opposite will happen. The 570 GB of stolen data reportedly contains enough information to exploit customers or gain access to their systems. This includes not only tokens but also configuration data, details about network architecture, login credentials, and more. In that respect, the hack is an example of a digital supply chain attack.

Red Hat itself doesn’t have many options. It can pay, without any guarantee that the stolen data won’t resurface at a later time. Doing nothing is also an option, with all the presumably public consequences that entails. In any case, the damage is done. It seems particularly important for affected customers to review their security and rotate tokens where relevant.
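The review and token rotation recommended above starts with knowing which secrets were sitting in the exposed repositories. The following is an added example, not code from the article, from Red Hat or from either criminal group: a small scanner that walks a set of repository files, flags hard-coded credentials by pattern, masks the matched values in its report, and summarises them by type so a rotation plan can be drawn up. The repository contents are constructed here for illustration; the `glpat-` prefix is GitLab's personal-access-token format and `AKIA` is the AWS access key ID prefix, while the generic assignment pattern is a heuristic assumption that will need tuning for a real code base.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample "repository": file path -> file contents.
# Only the three literals below should be reported; the ${DEPLOY_TOKEN}
# reference is a variable, not a credential, and must not be flagged.
SAMPLE_REPO: Dict[str, str] = {
    ".gitlab-ci.yml": (
        "deploy:\n"
        "  script: curl -H 'PRIVATE-TOKEN: ${DEPLOY_TOKEN}' https://gitlab.example.internal\n"
    ),
    "deploy/config.yml": (
        "image: registry.example.internal/app:1.4\n"
        "GITLAB_TOKEN: glpat-AbCdEfGhIjKlMnOpQrSt\n"   # constructed, not a real token
        "replicas: 3\n"
    ),
    "scripts/backup.sh": (
        "#!/bin/sh\n"
        "export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"   # AWS documentation example ID
        "aws s3 sync /var/backups s3://backups-example\n"
    ),
    "app/settings.py": (
        "DEBUG = False\n"
        "DB_PASSWORD = 'correct-horse-battery-staple'\n"
        "ALLOWED_HOSTS = ['app.example.internal']\n"
    ),
    "README.md": "# Customer engagement notes\nNo credentials here.\n",
}

# Format-specific patterns: a hit here is high confidence.
SPECIFIC = {
    "gitlab_pat": re.compile(r"\bglpat-[A-Za-z0-9_-]{20}\b"),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
}

# Heuristic: a credential-like key assigned a literal of 12+ characters.
# The value class deliberately excludes '$' and '{' so env-var references
# such as ${DEPLOY_TOKEN} are not reported.
GENERIC = re.compile(
    r"(?i)(token|secret|password|api_key)\s*[:=]\s*['\"]?([A-Za-z0-9_\-./+=]{12,})"
)


@dataclass
class Finding:
    path: str
    line: int
    kind: str
    masked: str   # never store or print the full secret in a report


def mask(value: str) -> str:
    """Keep enough of the value to locate it, never enough to reuse it."""
    return value[:4] + "..." + value[-2:]


def scan_text(path: str, text: str) -> List[Finding]:
    findings: List[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        hits = [(kind, m.group(0)) for kind, rx in SPECIFIC.items() for m in rx.finditer(line)]
        if not hits:   # fall back to the heuristic only when no known format matched
            m = GENERIC.search(line)
            if m:
                hits.append(("generic_" + m.group(1).lower(), m.group(2)))
        findings.extend(Finding(path, lineno, kind, mask(value)) for kind, value in hits)
    return findings


def scan_repo(repo: Dict[str, str]) -> List[Finding]:
    findings: List[Finding] = []
    for path in sorted(repo):
        findings.extend(scan_text(path, repo[path]))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per credential type; each type maps to one rotation task."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    results = scan_repo(SAMPLE_REPO)
    for f in results:
        print(f"{f.path}:{f.line}  {f.kind:<20} {f.masked}")
    print("rotation plan:", summarize(results))
```

The masking matters in practice: a scan report that reproduces the credentials it found becomes one more copy of the secret to protect. Specific formats are checked first so a single line is not double-counted by the heuristic, and any token the scanner surfaces should be treated as compromised and rotated rather than merely deleted from the repository, since the history remains in the stolen copy.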