
The threat actor group Crimson Collective has announced its intention to launch a significant cyber campaign, designating October 5, 2025, as “National Cybercrime Day” through cybercrime channels. The announcement hints at a coordinated event targeting major corporations and at a collaboration that could amplify the scope and sophistication of the campaign.
Representing a potentially serious escalation in cybersecurity threats, this declaration serves as a direct warning to the cybersecurity community and enterprise security teams globally.
Evidence points to a concerning collaboration between Crimson Collective and actors associated with Scattered Spider. The announcement post linked to a new BreachForums page, a known hub for data leaks, which was shared by a Scattered Spider alias, "Scattered LAPSUS$ Hunters."
Such an alliance combines the resources and distinct tactics of two prominent threat groups, potentially leading to more complex and impactful attacks.
The alleged partnership suggests a focus on large-scale data exfiltration and extortion campaigns.
The inaugural claim tied to the "National Cybercrime Day" announcement is a massive, multi-terabyte data breach at the software company Red Hat, Inc. This claim, if verified, indicates the groups are targeting high-value enterprise entities with access to sensitive corporate and customer data.
The choice of Red Hat as a target highlights the strategic focus on technology companies and their supply chains. Security experts are closely monitoring the situation as the proclaimed date approaches, advising organizations to heighten their security posture and threat detection capabilities in anticipation of increased malicious activity.
A few days ago, Red Hat confirmed unauthorized access to a GitLab instance used by its consulting team for select client engagements. However, the company stated this incident is unrelated to its core products or software supply chain.
Recently, the Scattered Lapsus$ hacking group claimed responsibility for breaching the Credit Institute of Vietnam and announced that it had breached S&P Global in a February 2025 attack that exposed over 32 million email addresses and more.
This month, Google announced that hackers had created an account in its Law Enforcement Request System, a portal used by global law enforcement agencies to submit official requests for user data. Responsibility was claimed by an amalgamation of actors from Scattered Spider, Lapsus$, and ShinyHunters.
In September, alleged members of the same collective threatened Google with a breach unless TIG’s Austin Larsen and Mandiant’s Charles Carmakal were fired. The same collective claimed responsibility for the Allianz Life data breach.