A recent data breach at software giant Red Hat has taken a more serious turn, with the notorious extortion group ShinyHunters joining the fray. This development significantly raises the stakes in what has become a high-pressure extortion campaign.

The incident began when a group calling itself the Crimson Collective claimed to have stolen nearly 570GB of data. This data was allegedly taken from over 28,000 of Red Hat’s internal repositories.

Included in the stolen data are approximately 800 Customer Engagement Reports (CERs), which contain sensitive details about customer networks and infrastructure. Leaked samples reportedly belong to major clients, including Walmart, HSBC, the Bank of Canada, and the U.S. Department of Defense.

Red Hat has confirmed the breach, stating that it was limited to a GitLab instance used by its consulting division. The company has reassured that it promptly removed the unauthorized access and isolated the affected system.

The situation escalated when ShinyHunters became involved, threatening to release the stolen data if a ransom is not paid. This collaboration between the Crimson Collective and ShinyHunters points to a growing trend of “Extortion-as-a-Service,” where cybercriminal groups team up to increase their leverage.

ShinyHunters has set a deadline of October 10, 2025, for the data to be released, adding significant pressure on Red Hat to negotiate. The group is also reportedly extorting other major companies, highlighting their expanding operations in the cybercriminal world.