Red Hat hackers Crimson Collective are now going after AWS instances

  • Crimson Collective hackers target AWS using exposed credentials to escalate privileges and exfiltrate data
  • Attackers use TruffleHog to find secrets, then create IAM users and access keys via API
  • Red Hat breach yielded 570GB of sensitive files, including 800 infrastructure-rich consulting records

Crimson Collective, the threat actor behind the recent breach at Red Hat, is now going after Amazon Web Services (AWS) cloud environments, looking to establish persistence, steal data, and extort the victims for money.

Cybersecurity researchers at Rapid7 found that the attackers are using TruffleHog, an open source security tool designed to search for secrets, credentials, and API keys that may have been accidentally exposed in code repositories or other sources. After finding exposed AWS credentials, the attackers create new IAM users and login profiles via API calls, create new access keys, and escalate privileges by attaching new policies.

Finally, they use their access to map out their victim’s network and plan for data exfiltration and extortion.
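The IAM activity described above leaves a recognizable trail in CloudTrail. The following is an added detection sketch, not code from Rapid7, AWS or the article: it flags any access key that creates an identity or credential and attaches a policy inside one time window. The 30-minute window, the helper names and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# IAM API calls matching the behaviour the article describes.
PERSISTENCE = {"CreateUser", "CreateLoginProfile", "CreateAccessKey"}
ESCALATION = {"AttachUserPolicy"}
WINDOW = timedelta(minutes=30)  # assumed correlation window, tune per environment

def _ev(time, name, key, user):
    """Build a constructed record with only the CloudTrail fields used below."""
    return {"eventTime": time, "eventSource": "iam.amazonaws.com",
            "eventName": name, "userIdentity": {"accessKeyId": key},
            "requestParameters": {"userName": user}}

# Constructed sample events; key ids and user names are placeholders.
SAMPLE_EVENTS = [
    _ev("2025-01-01T10:00:05Z", "CreateUser", "EXAMPLE-KEY-A", "svc-backup"),
    _ev("2025-01-01T10:00:09Z", "CreateLoginProfile", "EXAMPLE-KEY-A", "svc-backup"),
    _ev("2025-01-01T10:00:14Z", "CreateAccessKey", "EXAMPLE-KEY-A", "svc-backup"),
    _ev("2025-01-01T10:01:02Z", "AttachUserPolicy", "EXAMPLE-KEY-A", "svc-backup"),
    _ev("2025-01-01T11:30:00Z", "CreateAccessKey", "EXAMPLE-KEY-B", "alice"),  # rotation only
    _ev("2025-01-01T09:00:00Z", "CreateUser", "EXAMPLE-KEY-C", "bob"),
    _ev("2025-01-01T14:00:00Z", "AttachUserPolicy", "EXAMPLE-KEY-C", "bob"),  # hours apart
]

def find_suspicious_keys(events, window=WINDOW):
    """Map each calling access key to the IAM calls it made, if within one
    window it both created an identity/credential and attached a policy."""
    by_key = defaultdict(list)
    for ev in events:
        name = ev.get("eventName")
        key = ev.get("userIdentity", {}).get("accessKeyId")
        if ev.get("eventSource") != "iam.amazonaws.com" or not key:
            continue
        if name in PERSISTENCE | ESCALATION:
            when = datetime.strptime(ev["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
            by_key[key].append((when, name))
    findings = {}
    for key, calls in by_key.items():
        calls.sort()
        for i, (start, _) in enumerate(calls):
            seen = {n for t, n in calls[i:] if t - start <= window}
            if seen & PERSISTENCE and seen & ESCALATION:
                findings[key] = sorted(seen)
                break
    return findings

if __name__ == "__main__":
    for key, names in find_suspicious_keys(SAMPLE_EVENTS).items():
        print(f"review access key {key}: {', '.join(names)}")
```

A key that only rotates its own credential, or whose calls are hours apart, is not flagged; legitimate provisioning automation will match and should be allow-listed by role or source.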

Crimson Collective

Speaking to BleepingComputer, AWS said its users should use short-term, least-privileged credentials and implement restrictive IAM policies to combat the threat.

“In the event a customer suspects their credentials may have been exposed, they can start by following the steps listed in this post,” AWS explained. “If customers have any questions about the security of their accounts, they are advised to contact AWS support.”

Crimson Collective recently turned heads when it broke into Red Hat’s private GitLab environment repositories and exfiltrated approximately 570GB of different files from 28,000 internal projects.

Among the files were 800 Customer Engagement Records (CER): internal consulting documents that Red Hat created to support enterprise clients, which typically include detailed infrastructure information (network architecture, system configuration, etc.), authentication and access data (credentials, access tokens, and more), and operational insights (recommendations, troubleshooting notes, and similar).

This makes them extremely valuable, since they can easily be leveraged in follow-up attacks.

Via BleepingComputer
