Enterprise software giant Red Hat is now being forced to recover by the Shinhocenters gang, stolen customer participation report (CER) samples have leaked on their data leak site.
The news of the red hat data violation came out last week when a hacking group named Crimson Collective claimed to steal about 570GB compressed data in 28,000 internal development repository.
The data allegedly includes around 800 customer participation reports (CERs), which may contain sensitive information about customer’s network, infrastructure and platforms.
Threaters claimed that they had tried to force Red Hat to give ransom to prevent public disclosure of data, but they did not get any response.
Red Hat later confirmed the bleepingcomputer that the violation has affected her gitlab instance, which was used only for red hat consulting on counseling works.
Soon after the violation was revealed, the danger actors, known as Scatterd Lapsus $ Hunters, demanded to make contact with Crimson Collective.
Yesterday, Crimson Collective announced that it partnered with Scatterd Lapsus $ Hunters to use the newly launched Shinhores data leak site to continue his forced recovery efforts against Red Hat.
A post on the Telegram channel of the hacking group wrote, “On 4 April 1949, such a big organization called NATO was formed, but what if today’s new alliance would have been bigger than that? But for a big purpose, ruining the minds of corporations.”
“What if, if the brightness of Krimson spreads even far away?”
Source: Bulping Computer
“Regarding the current announcement about us, we are going to cooperate with the shinhunters for future attacks and release,” Crimson Collective Threater actors told Bleeping Computer.
In coordination with the announcement, a red hat entry has now appeared on a new shinelers data leak extortion site, warning the company that the data will be leaked publicly on October 10 if the demand for ransom is not negotiated with the shinniers.
In addition, threatened CER samples issued stolen CER, including Walmart, HSBC, Bank of Canada, Atos Group, American Express, Defense Department and Society Franciyes du Radiotlephones.
The Bleeping computer contacted the Red Hat about this development but did not get any response.
The Shainheators Extortion-e-Sarvis
For months, the Bulping Computer has estimated that the shinyters were acting as an Extortion-e-Service (EAS), where they work with actors who work with the actors who work forcibly recovering a company in exchange for a part of the demand for forced recovery.
The principle was based on several attacks carried out by various danger actors, all of which were forced to recover under the name of Shainhemers, including Oracle Cloud and Powerscool target attacks.
The conversation with the Shinniers further supported the principle, as the group earlier claimed that it was not behind any particular violation, but was acting as a broker of stolen data.
In addition, there have been several arrests of individuals named “Shineheners” over the years, including people associated with snowflake data theft attacks, violations in paplesscool and operation of the Breech V2 Hacking Forum.
However, even after these arrests, companies are undergoing new attacks, which are being forcibly recovered emails, which have been said, “We are Shineheters”.
Today, Shinniors told the blemping communication that they were privately working as an EAAS, where they take revenue stake from any forced recovery payment generated for attacks by other danger actors.
The threatening actor claimed, “Whatever I have worked with in the past, he has scored 70 or 75% marks and I have got 25-30% marks.”
With the launch of the shinyteers data leak site, it appears that the threatening actor is now publicly operating the forced recovery service.
In addition to the Red Hat, the Shinelers is also extorting the SP Global on behalf of another threatening actor, which claimed to have a dent in the company in February 2025.
The BLIPINGCATCOR was approached by SP Global at the time by the alleged violation, but it was reported that the claims were false and the company was not violated.
However, the threatened people have now released data samples on the data leak site, claimed that they were stolen during the attack, and the October 10 deadline has also set.
After contacting SP Global again today regarding the inclusion of it on the data leak site, he decided not to comment on claims.
“We do not comment on such claims. We note that as a US listed company, we need to publicly disclose cyber security events,”
attend Violation and attack simulation summit And experience Future of security verificationListen to top experts and see how AI-Trained BAS Changing violations and imitations of attack.
Do not miss the event that will shape the future of your safety strategy
