Red Hat Data Leak: Hackers Threaten to Release Terabytes of Data if Ransom is Not Paid by October 10

By: Viktor Tsyrfa | 07.10.2025, 21:54

A cyber attack on Red Hat, an IBM subsidiary, has taken a new turn: the notorious hacking group ShinyHunters has joined in demanding a ransom for stolen data. The incident, initially attributed to the group UNC5174 (also known as Salt Typhoon), now threatens the leak of sensitive client information and internal company data.

Timeline of Events

In August 2024, Red Hat discovered unauthorized access to part of its internal infrastructure. Hackers associated with the Chinese group UNC5174 breached the system through vulnerabilities in servers used for development and testing. According to Red Hat's estimates, approximately 4 TB of data was stolen, including internal tools and code for Red Hat Enterprise Linux (RHEL) and OpenShift; client contact information, license keys, and subscription details (about 3 million records); and intellectual property documents, including source code and configurations.

On October 4, 2024, the hacking group ShinyHunters, known for a series of successful attacks on companies like MGM Resorts and AT&T, announced on the specialized resource BreachForums their 'collaboration' with UNC5174. They claim to have accessed part of the stolen data and are now demanding a ransom. The initial price is $5 million for the full data set. ShinyHunters published samples (over 500 GB) to confirm authenticity, including files with RHEL 8/9 code and client databases. The group threatens that if the ransom is not paid by October 10, the data will be released or sold to competitors.

Response from Red Hat and IBM

The company stated that the leak did not affect products or client systems, and that the RPM package signing keys remained intact. It also reported that it is conducting an internal investigation and cooperating with law enforcement. Clients are advised to check their systems for vulnerabilities and update passwords.

Red Hat is involved in the release of two major Linux distributions: Red Hat and Fedora. While Fedora is completely free software available to anyone, Red Hat is a distribution for corporate clients, and the company's business is based on paid support for those clients. Since corporate clients are of interest to hackers, the information Red Hat holds about them is the most valuable data the attackers hunt for. It is hardly sensible to pay ransom to extortionists: there is no doubt that if the data stolen from Red Hat could help penetrate the corporate network of any of its large clients, hackers would not miss that opportunity.