Crimson Collective Targets AWS Environments
Summary
The emerging threat group Crimson Collective, linked to the Red Hat breach, targets AWS environments to steal data and extort organizations. The group uses open-source tools to find leaked AWS credentials and escalate privileges. They have ties to Scattered Spider and LAPSUS$ collectives and operate as an extortion-as-a-service (EaaS) group. Crimson Collective has been observed compromising long-term access keys and leveraging privileges attached to compromised IAM accounts. They create new users, escalate privileges, and exfiltrate valuable data via AWS services. Successful data exfiltration often results in extortion demands.
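For defenders, the sequence in the summary (a long-term access key creating a new IAM user and then granting that user privileges or credentials) can be hunted for in CloudTrail records. The following is an added example, not taken from the cited reporting: the one-hour correlation window is an assumption, and the key IDs, user names and events are constructed sample data.

```python
from datetime import datetime, timedelta

# IAM calls that hand privileges or credentials to a user (CloudTrail eventName values).
ESCALATION_CALLS = {"AttachUserPolicy", "PutUserPolicy", "AddUserToGroup",
                    "CreateAccessKey", "CreateLoginProfile"}
WINDOW = timedelta(hours=1)  # assumption: correlation window, tune per environment

def _ts(ev):
    return datetime.strptime(ev["eventTime"], "%Y-%m-%dT%H:%M:%SZ")

def find_new_user_escalations(events):
    """Flag long-term keys that create an IAM user and then empower that user."""
    created, findings = {}, []  # created: new user -> (creating key id, time)
    for ev in sorted(events, key=_ts):
        ident = ev.get("userIdentity", {})
        key_id = ident.get("accessKeyId", "")
        # Long-term IAM user keys start with AKIA; temporary STS keys start with ASIA.
        if ident.get("type") != "IAMUser" or not key_id.startswith("AKIA"):
            continue
        if ev.get("errorCode"):  # denied or failed calls changed nothing
            continue
        target = (ev.get("requestParameters") or {}).get("userName")
        if ev["eventName"] == "CreateUser" and target:
            created[target] = (key_id, _ts(ev))
        elif ev["eventName"] in ESCALATION_CALLS and target in created:
            creator, when = created[target]
            if creator == key_id and _ts(ev) - when <= WINDOW:
                findings.append((key_id, target, ev["eventName"]))
    return findings

def _ev(time, name, key_id, id_type, user, error=None):
    """Build a constructed, minimal CloudTrail-style record."""
    ev = {"eventTime": time, "eventName": name,
          "userIdentity": {"type": id_type, "accessKeyId": key_id},
          "requestParameters": {"userName": user}}
    if error:
        ev["errorCode"] = error
    return ev

# Constructed sample events (key ids and user names are made up).
SAMPLE_EVENTS = [
    _ev("2025-01-01T10:00:00Z", "CreateUser", "AKIAEXAMPLE000000001", "IAMUser", "backup-svc"),
    _ev("2025-01-01T10:02:00Z", "AttachUserPolicy", "AKIAEXAMPLE000000001", "IAMUser", "backup-svc"),
    _ev("2025-01-01T10:03:00Z", "CreateAccessKey", "AKIAEXAMPLE000000001", "IAMUser", "backup-svc"),
    _ev("2025-01-01T11:00:00Z", "CreateUser", "ASIAEXAMPLE000000002", "AssumedRole", "new-hire"),
    _ev("2025-01-01T11:01:00Z", "AttachUserPolicy", "ASIAEXAMPLE000000002", "AssumedRole", "new-hire"),
    _ev("2025-01-01T12:00:00Z", "CreateUser", "AKIAEXAMPLE000000003", "IAMUser", "temp", "AccessDenied"),
]

if __name__ == "__main__":
    for finding in find_new_user_escalations(SAMPLE_EVENTS):
        print(finding)
```

Only the first key is reported: the role session uses temporary credentials, and the third key's `CreateUser` call was denied.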
Timeline
- 09.10.2025 15:16 (1 article)
Crimson Collective Targets AWS Environments
Crimson Collective, linked to the Red Hat breach, has been observed targeting AWS environments to steal data and extort organizations. The group uses open-source tools to find leaked AWS credentials and escalate privileges. They have ties to Scattered Spider and LAPSUS$ collectives and operate as an extortion-as-a-service (EaaS) group. The group's activities include compromising long-term access keys, creating new users, and exfiltrating valuable data via AWS services. Successful data exfiltration often results in extortion demands.
- ThreatsDay Bulletin: MS Teams Hack, MFA Hijacking, $2B Crypto Heist, Apple Siri Probe & More — thehackernews.com — 09.10.2025 15:16
Information Snippets
- Crimson Collective is linked to the Red Hat breach and has ties to Scattered Spider and LAPSUS$ collectives.
  First reported: 09.10.2025 15:16 (1 source, 1 article)
- ThreatsDay Bulletin: MS Teams Hack, MFA Hijacking, $2B Crypto Heist, Apple Siri Probe & More — thehackernews.com — 09.10.2025 15:16
- The group uses open-source tools like TruffleHog to find leaked AWS credentials.
  First reported: 09.10.2025 15:16 (1 source, 1 article)
- ThreatsDay Bulletin: MS Teams Hack, MFA Hijacking, $2B Crypto Heist, Apple Siri Probe & More — thehackernews.com — 09.10.2025 15:16
- Crimson Collective compromises long-term access keys and escalates privileges in AWS environments.
  First reported: 09.10.2025 15:16 (1 source, 1 article)
- ThreatsDay Bulletin: MS Teams Hack, MFA Hijacking, $2B Crypto Heist, Apple Siri Probe & More — thehackernews.com — 09.10.2025 15:16
- The group exfiltrates data via AWS services and demands extortion payments.
  First reported: 09.10.2025 15:16 (1 source, 1 article)
- ThreatsDay Bulletin: MS Teams Hack, MFA Hijacking, $2B Crypto Heist, Apple Siri Probe & More — thehackernews.com — 09.10.2025 15:16
- Crimson Collective operates as an extortion-as-a-service (EaaS) group, partnering with other threat actors.
  First reported: 09.10.2025 15:16 (1 source, 1 article)
- ThreatsDay Bulletin: MS Teams Hack, MFA Hijacking, $2B Crypto Heist, Apple Siri Probe & More — thehackernews.com — 09.10.2025 15:16