Crimson Collective: A New Threat Group Observed Operating in the Cloud
released on 2025-10-10 @ 05:12:15 PM
Over the past few weeks, Rapid7 has observed increased activity of a new threat group attacking AWS cloud environments with the goal of data exfiltration and subsequent extortion of the victim. This threat group refers to itself as ‘Crimson Collective’ and has recently announced that it is behind an attack on Red Hat, wherein it claims to have stolen private repositories from Red Hat’s GitLab.