Red Hat hackers Crimson Collective are now going after AWS instances

Crimson Collective hackers target AWS using exposed credentials to escalate privileges and exfiltrate data
Attackers use TruffleHog to find secrets, then create IAM users and access keys via API
Red Hat breach yielded 570GB of sensitive files, including 800 infrastructure-rich consulting records

Crimson Collective, the threat actor behind the recent breach at Red Hat, is now going after Amazon Web Services (AWS) cloud environments, looking to establish persistence, steal data, and extort the victims for money.

Cybersecurity researchers Rapid7 found the attackers are using TruffleHog, an open source security tool designed to search for secrets, credentials, and API keys that may have been accidentally exposed in code repositories or other sources. After finding exposed AWS credentials, the attackers create new IAM users and login profiles via API calls, and create new access keys, as well as escalating privileges by attaching new policies.

Finally, they use their access to map out their victim’s network and plan for data exfiltration and extortion.

Crimson Collective

Speaking to BleepingComputer, the company said its users should use short-term, least-privileged credentials, and implement restrictive IAM policies, to combat the threat.

“In the event a customer suspects their credentials may have been exposed, they can start by following the steps listed in this post,” AWS explained. “If customers have any questions about the security of their accounts, they are advised to contact AWS support.

Crimson Collective recently turned heads when it broke into Red Hat’s private GitLab environment repositories and exfiltrated approximately 570GB of different files from 28,000 internal projects.

Among the files were 800 Customer Engagement Records (CER) – internal consulting documents that Red Hat created to support enterprise clients, and typically include detailed infrastructure information (network architecture, system configuration, etc), authentication and access data (credentials, access tokens, and more), and operational insights (recommendations, troubleshooting notes, and similar).

This makes them extremely valuable, since they can easily be leveraged in follow-up attacks.

Via BleepingComputer

https://cdn.mos.cms.futurecdn.net/ioiGboNmGxjo77hGKRFefJ-1980-80.jpg

Source link

What is the release date for Marshals: A Yellowstone Story episode 6 on CBS and Paramount+?

HP unleashes the Z8 Fury G6i with insane GPU power and memory for massive AI and simulation workloads

HP unleashes the Z8 Fury G6i with insane GPU power and memory for massive AI and simulation workloads

This new ‘laughing rat’ malware will steal your data and hack your systems — and then laugh at you while doing it

Ex-Israeli Intelligence Official: Shockwaves of Trump’s “Take Over Gaza” Heard, Felt Across Region

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

Who Is Todd Blanche? All About the Acting AG After Pam Bondi Was Fired – Hollywood Life

Meryl Streep Recalls ‘Devil Wears Prada’ Being Dubbed As “Chick Flick”

Best Los Angeles Airbnbs Near Universal Studios Hollywood, California

‘The Pitt’ Star Katherine LaNasa on Dana and Robby’s Fight, His Sabbatical

Cherry Jonathan, Perpetua Resources CEO, sells $119555 in shares

Lyon McKinsey of Perpetua Resources sells $256k in shares

Coreweave CFO Agrawal sells $1184 in shares

Form 144 Whitehawk Therapeutics For: 2 April

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays

Red Hat hackers Crimson Collective are now going after AWS instances

Who Is Todd Blanche? All About the Acting AG After Pam Bondi Was Fired – Hollywood Life

Cherry Jonathan, Perpetua Resources CEO, sells $119555 in shares

Meryl Streep Recalls ‘Devil Wears Prada’ Being Dubbed As “Chick Flick”

Lyon McKinsey of Perpetua Resources sells $256k in shares