Over the past few weeks, Rapid7 has observed increased activity of a new threat group attacking AWS cloud environments with the goal of data exfiltration and subsequent extortion of the victim. This threat group refers to itself as ‘Crimson Collective’ and has recently announced that it is behind an attack on Red Hat, wherein it claims to have stolen private repositories from Red Hat’s GitLab. Author: AlienVault
Related Tags:
iam
amazon web services
crimson collective
trufflehog
exfiltration
T1580
T1578
T1567
extortion
Associated Indicators:
195.201.175.210
45.148.10.141