The Crimson Collective is a newly identified cloud-focused cyber threat group that surfaced in September 2025, primarily targeting Amazon Web Services (AWS) environments. According to Rapid7 Labs, the group’s primary objectives are data exfiltration and extortion. They have publicly claimed responsibility for an attack against Red Hat, in which they allegedly stole private GitLab repositories. The threat actor demonstrates a deep understanding of cloud infrastructure operations and leverages legitimate tools to execute their campaigns covertly.
IP: 45.148.10[.]141IP: 195.201.175[.]210IP: 5.9.108[.]250
Enjoyed reading this Threat Intelligence Advisory? Stay updated with our latest exclusive content by following us on Twitter and LinkedIn
No related posts found.
This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.
Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.
This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.
Keeping this cookie enabled helps us to improve our website.
This website uses the following additional cookies:
(List the cookies that you are using on the website here.)
More information about our Cookie Policy