Uptime Hamster: 15d 9h 11mDeploy: 13 Jul 2026 08:04Updated: 2026-07-14
Logo del actor de amenaza Crimson Collective

Crimson Collective

0 incidentes 0 paises 0 sectores apt Ultimo: -
Aliases: crimson collective
Ver en IntelTracker → APTTrail →
Crimson Collective is an extortion-motivated threat group that emerged in late September 2025, specializing in cloud-focused intrusions primarily targeting Amazon Web Services environments for data exfiltration and subsequent extortion. The group gained immediate attention by publicly claiming responsibility for high-profile breaches, including the defacement of a Nintendo website, the alleged theft of 50 million client invoices from Claro Colombia, and the compromise of Red Hat's private GitLab repositories. While Red Hat confirmed unauthorized access to its consulting GitLab instance, it did not fully validate all of Crimson Collective's claims. Their operations demonstrate a deep understanding of AWS architecture, leveraging legitimate cloud services and configurations for reconnaissance, privilege escalation, and data theft, often without deploying malware. This strategy distinguishes them as a "cloud-native extortion" actor, reflecting a shift from traditional endpoint ransomware

Aliases del actor

crimson collective

Actores similares

crimson-collectiveactor · 1crimson-sandstormactor · 1unc1549-crimson-sandstormactor · 1Operation Crimson Palaceapt · 0

Canales, DLS e infraestructura asociada

Clasificacion automatica desde IntelTracker/APTTrail/OSINT. Estado real solo si viene indicado por la fuente.

TipoEstadoHost / enlaceTitle / ultimo titulo
DLS / leak siteunknownwww.rapid7.comcrimson collective indicators and references
Repositoriounknowngithub.comcrimson collective indicators and references
DLS / leak siteunknownraw.githubusercontent.comcrimson collective indicators and references
DLS / leak siteunknown195.201.175.210APTTrailURLhttpcrimson collective indicators and references
Tecnicas MITRE
T1136.003 - Create Account Cloud Account, T1567 - Exfiltration Over Web Service, T1087.004 - Account Discovery Cloud Account, T1069 - Permission Groups Discovery, T1074 - Data Staged, T1526 - Cloud Service Discovery
CVEs relacionadas
CVE-2025-42958, CVE-2025-42944, CVE-2025-42922, CVE-2025-41244, CVE-2025-10725, CVE-2021-26855
Tipo
apt
Pais origen
-
Motivacion
-
Impacto
33
Actualizado
Thu, 09 Oc

Sectores objetivo (SOCRadar)

Professional&Technical ServicesTelecommunicationsSoftware PublishersMotor Vehicle ManufacturingSoftware PublishersComputer Systems Design and Related ServicesComputer Systems Design Services