Red Hat hackers Crimson Collective are now going after AWS instances

Crimson Collective hackers target AWS using exposed credentials to escalate privileges and exfiltrate data
Attackers use TruffleHog to find secrets, then create IAM users and access keys via API
Red Hat breach yielded 570GB of sensitive files, including 800 infrastructure-rich consulting records

Crimson Collective, the threat actor behind the recent breach at Red Hat, is now going after Amazon Web Services (AWS) cloud environments, looking to establish persistence, steal data, and extort the victims for money.

Cybersecurity researchers Rapid7 found the attackers are using TruffleHog, an open source security tool designed to search for secrets, credentials, and API keys that may have been accidentally exposed in code repositories or other sources. After finding exposed AWS credentials, the attackers create new IAM users and login profiles via API calls, and create new access keys, as well as escalating privileges by attaching new policies.

Finally, they use their access to map out their victim’s network and plan for data exfiltration and extortion.

Crimson Collective

Speaking to BleepingComputer, the company said its users should use short-term, least-privileged credentials, and implement restrictive IAM policies, to combat the threat.

“In the event a customer suspects their credentials may have been exposed, they can start by following the steps listed in this post,” AWS explained. “If customers have any questions about the security of their accounts, they are advised to contact AWS support.

Crimson Collective recently turned heads when it broke into Red Hat’s private GitLab environment repositories and exfiltrated approximately 570GB of different files from 28,000 internal projects.

Among the files were 800 Customer Engagement Records (CER) – internal consulting documents that Red Hat created to support enterprise clients, and typically include detailed infrastructure information (network architecture, system configuration, etc), authentication and access data (credentials, access tokens, and more), and operational insights (recommendations, troubleshooting notes, and similar).

This makes them extremely valuable, since they can easily be leveraged in follow-up attacks.

Via BleepingComputer

https://cdn.mos.cms.futurecdn.net/ioiGboNmGxjo77hGKRFefJ-1980-80.jpg

Source link

Will ITV still be free? The potential Sky-ITV deal explained – and what it means for TV watchers

A rare Apple slip exposes complete web App Store front-end code and sends developers rushing to inspect surprising internal details

Disney World’s new Zootopia experience is fun, fast, and full of fur – literally, thanks to one incredible animatronic

19 best deals from the Currys Black Friday sale – TVs, laptops, appliances, headphones, and more

Ex-Israeli Intelligence Official: Shockwaves of Trump’s “Take Over Gaza” Heard, Felt Across Region

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

Which Celebrity Styles Americans Copy Most in 2025: New Study

New ‘Westworld’ trailer introduces us to another dystopian tech company

What’s the point of ‘Charlie’s Angels’ without Sam Rockwell dancing?

These striking photos capture the future of human flight

Enterprise Products Partners' SWOT analysis: midstream giant's stock resilience tested

JetBlue's SWOT analysis: airline stock faces turbulence amid strategic shifts

Minnesota lawmaker killed on Saturday served with compassion, governor says

Minnesota shooting suspect told friend in text message: I might be dead soon

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays

Red Hat hackers Crimson Collective are now going after AWS instances

Will ITV still be free? The potential Sky-ITV deal explained – and what it means for TV watchers

A rare Apple slip exposes complete web App Store front-end code and sends developers rushing to inspect surprising internal details

Disney World’s new Zootopia experience is fun, fast, and full of fur – literally, thanks to one incredible animatronic

19 best deals from the Currys Black Friday sale – TVs, laptops, appliances, headphones, and more