Crimson Collective
0 incidentes
0 paises
0 sectores
apt Ultimo: -
Aliases: crimson collective
Crimson Collective is an extortion-motivated threat group that emerged in late September 2025, specializing in cloud-focused intrusions primarily targeting Amazon Web Services environments for data exfiltration and subsequent extortion. The group gained immediate attention by publicly claiming responsibility for high-profile breaches, including the defacement of a Nintendo website, the alleged theft of 50 million client invoices from Claro Colombia, and the compromise of Red Hat's private GitLab repositories. While Red Hat confirmed unauthorized access to its consulting GitLab instance, it did not fully validate all of Crimson Collective's claims. Their operations demonstrate a deep understanding of AWS architecture, leveraging legitimate cloud services and configurations for reconnaissance, privilege escalation, and data theft, often without deploying malware. This strategy distinguishes them as a "cloud-native extortion" actor, reflecting a shift from traditional endpoint ransomware
Canales, DLS e infraestructura asociada
Clasificacion automatica desde IntelTracker/APTTrail/OSINT. Estado real solo si viene indicado por la fuente.
Sectores objetivo (SOCRadar)
Professional&Technical ServicesTelecommunicationsSoftware PublishersMotor Vehicle ManufacturingSoftware PublishersComputer Systems Design and Related ServicesComputer Systems Design Services