Red Hat Breach: Crimson Collective Claims Massive Theft of Private Repositories

On October 1, 2025, a Telegram channel linked to the Crimson Collective shared evidence of a breach targeting Red Hat’s private repositories.

According to the threat actor, they exfiltrated around 570 GB of data (compressed), from more than 28,000 Red Hat repositories, including Customer Engagement Reports (CERs) – consulting documents known to contain configuration files, network architecture, and even authentication tokens. A total of 800+ customers may be impacted, include commercial giants like IBM, Citi, Siemens, Bosch, and Verizon and U.S. government agencies including the NSA, Department of Energy, NIST, and others.