• Red Hat hackers Crimson Collective are now going after AWS instan

    From TechnologyDaily@1337:1/100 to All on Thursday, October 09, 2025 15:30:08
    Red Hat hackers Crimson Collective are now going after AWS instances

    Date:
    Thu, 09 Oct 2025 14:28:00 +0000

    Description:
    The hackers' goal is still to extort the victims for money, experts warn.

    FULL STORY
    ======================================================================
    - Crimson Collective hackers target AWS using exposed credentials to escalate privileges and exfiltrate data
    - Attackers use TruffleHog to find secrets, then create IAM users and access keys via API
    - Red Hat breach yielded 570GB of sensitive files, including 800 infrastructure-rich consulting records

    Crimson Collective, the threat actor behind the recent breach at Red Hat, is now going after Amazon Web Services (AWS) cloud environments, looking to establish persistence, steal data, and extort the victims for money.

    Cybersecurity researchers at Rapid7 found the attackers are using TruffleHog, an open source security tool designed to search for secrets, credentials, and
    API keys that may have been accidentally exposed in code repositories or
    other sources. After finding exposed AWS credentials, the attackers create
    new IAM users and login profiles via API calls, create new access keys,
    and escalate privileges by attaching new policies.
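
    A detection sketch for the IAM activity described above, added here as an example and not taken from Rapid7, AWS or the article: it groups CloudTrail-style records by the caller's access key and flags a key that makes several different user, login-profile, access-key or policy-attachment calls in a short span. The 30-minute window, the threshold of three, the key IDs, user names and sample records are all assumptions constructed for illustration.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# IAM calls named in the article: new users, login profiles, access keys, attached policies.
WATCHED = {"CreateUser", "CreateLoginProfile", "CreateAccessKey", "AttachUserPolicy"}
WINDOW = timedelta(minutes=30)  # assumed correlation window
MIN_DISTINCT = 3                # assumed threshold: distinct watched calls per caller key

# Constructed CloudTrail-style records (one JSON object per line); not real log data.
SAMPLE_LOG = """
{"eventTime":"2025-10-01T10:00:05Z","eventSource":"iam.amazonaws.com","eventName":"CreateUser","userIdentity":{"accessKeyId":"AKIACONSTRUCTED0000A"},"requestParameters":{"userName":"constructed-user"}}
{"eventTime":"2025-10-01T10:00:40Z","eventSource":"iam.amazonaws.com","eventName":"CreateLoginProfile","userIdentity":{"accessKeyId":"AKIACONSTRUCTED0000A"},"requestParameters":{"userName":"constructed-user"}}
{"eventTime":"2025-10-01T10:01:10Z","eventSource":"iam.amazonaws.com","eventName":"CreateAccessKey","userIdentity":{"accessKeyId":"AKIACONSTRUCTED0000A"},"requestParameters":{"userName":"constructed-user"}}
{"eventTime":"2025-10-01T10:02:30Z","eventSource":"iam.amazonaws.com","eventName":"AttachUserPolicy","userIdentity":{"accessKeyId":"AKIACONSTRUCTED0000A"},"requestParameters":{"userName":"constructed-user"}}
{"eventTime":"2025-10-01T11:15:00Z","eventSource":"iam.amazonaws.com","eventName":"CreateAccessKey","userIdentity":{"accessKeyId":"AKIACONSTRUCTED0000B"},"requestParameters":{"userName":"ci-deploy"}}
{"eventTime":"2025-10-01T09:00:00Z","eventSource":"iam.amazonaws.com","eventName":"CreateUser","userIdentity":{"accessKeyId":"AKIACONSTRUCTED0000C"},"requestParameters":{"userName":"new-hire"}}
{"eventTime":"2025-10-01T15:00:00Z","eventSource":"iam.amazonaws.com","eventName":"AttachUserPolicy","userIdentity":{"accessKeyId":"AKIACONSTRUCTED0000C"},"requestParameters":{"userName":"new-hire"}}
{"eventTime":"2025-10-02T09:00:00Z","eventSource":"iam.amazonaws.com","eventName":"CreateAccessKey","userIdentity":{"accessKeyId":"AKIACONSTRUCTED0000C"},"requestParameters":{"userName":"new-hire"}}
"""

def parse(log_text):
    """Yield (caller access key, timestamp, event name) for each watched IAM call."""
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec.get("eventSource") != "iam.amazonaws.com" or rec.get("eventName") not in WATCHED:
            continue
        ts = datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
        yield rec.get("userIdentity", {}).get("accessKeyId", "unknown"), ts, rec["eventName"]

def find_bursts(log_text):
    """Return {caller key: watched call names} where MIN_DISTINCT names fall inside WINDOW."""
    by_key = defaultdict(list)
    for key, ts, name in parse(log_text):
        by_key[key].append((ts, name))
    alerts = {}
    for key, events in by_key.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            names = {n for t, n in events[i:] if t - start <= WINDOW}
            if len(names) >= MIN_DISTINCT:
                alerts[key] = sorted(names)
                break
    return alerts

if __name__ == "__main__":
    for key, names in find_bursts(SAMPLE_LOG).items():
        print(f"ALERT {key}: {', '.join(names)}")
```

    In the constructed sample, the key that makes all four calls within three minutes is flagged, while a lone key rotation and the same calls spread over a day are not.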

    Finally, they use their access to map out their victims' network and plan for data exfiltration and extortion.

    Speaking to BleepingComputer, AWS said its users should use short-term, least-privileged credentials and implement restrictive IAM policies to combat the threat.

    "In the event a customer suspects their credentials may have been exposed, they can start by following the steps listed in this post," AWS explained. If customers have any questions about the security of their accounts, they are advised to contact AWS support.

    Crimson Collective recently turned heads when it broke into Red Hat's private GitLab environment repositories and exfiltrated approximately 570GB of different files from 28,000 internal projects.

    Among the files were 800 Customer Engagement Records (CER) - internal consulting documents that Red Hat created to support enterprise clients, and which typically include detailed infrastructure information (network architecture, system configuration, etc.), authentication and access data (credentials, access tokens, and more), and operational insights (recommendations, troubleshooting notes, and similar).

    This makes them extremely valuable, since they can easily be leveraged in follow-up attacks.

    Via BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/red-hat-hackers-crimson-collective-are-now-going-after-aws-instances


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)