
Key Takeaways from ZDNET
- Red Hat’s private GitLab repositories have been breached by hackers.
- Confidential information related to several Red Hat Consulting clients appears to have been compromised.
- The extent of this breach is still being assessed.
A security breach is a reality that every organization faces. This time, the target is Red Hat, a prominent player in the Linux and cloud sectors. The hacking group known as Crimson Collective, also referred to as Eye Of Providence, has claimed responsibility for the unauthorized access to Red Hat’s private GitLab repositories, saying it stole customer data along with proprietary source code.
Recently, the group publicized their claims on Telegram, sharing screenshots that supposedly display directory contents from internal Red Hat projects. Red Hat has subsequently acknowledged the breach, responding to the incident with an investigation and precautionary measures to secure their systems.
In a statement, Red Hat indicated, “We recently detected unauthorized access to a GitLab instance utilized for internal collaboration related to specific consulting engagements. An immediate investigation was initiated, unauthorized access was revoked, and relevant authorities were informed. The ongoing inquiry has revealed the copying of some data by an unauthorized third party.”
The hackers allege that nearly 570GB of information was extracted from approximately 28,000 internal development repositories, including about 800 Customer Engagement Reports (CERs). These documents contain critical insights into client environments, which could potentially enable the attackers to compromise downstream customer infrastructures.
Assessing Vulnerability for Downstream Customers
Red Hat has responded by asserting that the data obtained primarily concerned consulting engagement details, which typically do not include sensitive personal data. Their investigation has not identified any evidence of personal information being part of the affected data.
The hacking group has touted access to sensitive CERs from major clients such as AT&T and Fidelity, as well as government entities like the US Navy and the Federal Aviation Administration. However, Red Hat emphasized that the breach pertains exclusively to Red Hat Consulting customers and does not impact their broader service offerings or products.
For those not utilizing Red Hat Consulting, the company asserts that there is no evidence indicating that they are affected by this incident, urging users to remain vigilant while their security teams continue to investigate the matter.
While GitLab software plays a role in this incident, responsibility for the breach lies primarily with Red Hat, not GitLab itself. GitLab has clarified that its managed systems remain uncompromised and that the incident concerns Red Hat’s own self-hosted GitLab Community Edition. Organizations that self-host this edition are responsible for securing it themselves.
Crimson Collective claims to have extracted substantial data, including unreleased projects and security-related tools. However, these claims have not been verified through public leak sites. Given Red Hat’s open-source foundation, it is questionable whether access to its source code presents a tangible threat, in contrast to proprietary systems such as those from Apple or Microsoft.
This incident undoubtedly impacts Red Hat’s reputation, especially as organizations increasingly scrutinize open-source supply chain security. As the investigation unfolds, Red Hat has not yet provided clarity on the severity of the situation, and cybercrime groups commonly exaggerate the severity of breaches for notoriety.