Crimson Collective claims to have hacked Nintendo, exposing internal folders and backups. Doubts remain about the true extent of the cyber attack
The hacker group Crimson Collective declares to have violated the discussion files of Nintendopresenting as proof a screenshot showing several folders. Visible directories include production assets, development previews, and specific data backups. Information on the true scope of the cyberattack and Crimson Collective’s intentions regarding the data allegedly obtained remains limited at this time. A possible key to understanding their operating methods emerges from their recent attack against Red Hat. Earlier this month, the collective hacked the software company’s private GitHub repositoriesclaiming to have stolen 570 GB of dataincluding customer authentication credentials. Crimson Collective claims to have attempted contact with Red Hat through official channels to make extortion demands, attaching screenshots of internal directories as evidence of the breach.
The group claims they were ignored by the company. Subsequently, on October 2, the company confirmed the violation, communicating that it had already informed the competent authorities on the matter. There is a possibility that Crimson Collective is attempting to make similar claims to Nintendo keeping communications confidential. In September, the same group claimed responsibility for another intrusion against Claro Colombia, a well-known telecommunications operator. In that circumstance, the attack would have led to the theft of 50 million invoices and financial documents belonging to customers. Cybersecurity firm Anomali speculates that the group is trying to “establish credibility within cybercrime environments through high-profile attacks”. The choice indicates a clear intent to hit Nintendo, seen as the target capable of offering maximum media coverage in a short time.
A curious element emerged from these cases, as noted by the investigative journalist Brian Krebsis the “Miku” signature on Telegram posts by Crimson Collective. This nickname appears to have been used by 19-year-old Thalha Jubair from the United Kingdom, an alleged member of the groups $ e Scattered Spiderwho is expected to be in custody awaiting trial. Claro, the first victim of the collective, had already been the target of LAPSUS$ in 2021. During the cyber attack on Red Hat, another victim attributable to LAPSUS$ was also identified: Vodafone. The hacking group had previously shown interest in the video game industry, having attacked Ubisoft and Microsoft in 2022. The hacker responsible for the GTA 6 video leak was believed to be affiliated with the same group. Nintendo has not yet released any official statement. Until that time, it will not be possible to know the true extent of the violation or the legitimacy of the claims made by Crimson Collective.
