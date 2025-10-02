erek
"They allegedly found authentication tokens, full database URIs, and other private information in Red Hat code and CERs, which they claimed to use to gain access to downstream customer infrastructure.
The hacking group also published a complete directory listing of the allegedly stolen GitLab repositories and a list of CERs from 2020 through 2025 on Telegram.
The directory listing of CERs include a wide range of sectors and well known organizations such as Bank of America, T-Mobile, AT&T, Fidelity, Kaiser, Mayo Clinic, Walmart, Costco, the U.S. Navy’s Naval Surface Warfare Center, Federal Aviation Administration, the House of Representatives, and many others.
If you have any information regarding this incident or any other undisclosed attacks, you can contact us confidentially via Signal at 646-961-3731 or at tips@bleepingcomputer.com.
The hackers stated that they attempted to contact Red Hat with an extortion demand but received no response other than a templated reply instructing them to submit a vulnerability report to their security team.
According to them, the created ticket was repeatedly assigned to additional people, including Red Hat's legal and security staff members.
BleepingComputer sent Red Hat additional questions, and we will update this story if we receive more information.
The same group also claimed responsibility for briefly defacing Nintendo’s topic page last week to include contact information and links to their Telegram channel
Update 10/2/25: Story updated with correction from Red Hat that it was a GitLab instance that was breached and not a GitHub account."
Source: https://www.bleepingcomputer.com/ne...ncident-after-hackers-breach-gitlab-instance/
