
Discord, Red Hat & Asahi Group Among Targets As Cybercriminal Groups Team Up
Updated on Thu, Oct 9, 2025
Today, Artificial Intelligence has changed what’s possible in the world of cyber-attacks. AI bots can attack enterprise systems worldwide, and while we have AI bots fighting these threats, the risks remain.
Recently, multiple cyber-attacks and breaches have occurred, affecting major businesses and brands. So, dive in as we report the details of each major cybersecurity lapse, what caused it, and how it is affecting businesses on a global scale.
Dive in!
What Really Happened In The Discord Data Breach?
The popular social media platform Discord reportedly suffered a data breach on 3rd October. Discord was hacked after a third-party customer support provider was compromised, allowing attackers access to Discord’s user data.
Discord has responded, saying it will not pay the threat actors who claim to have stolen data from the company’s Zendesk support system interface, affecting 5.5 million unique users. Discord is also pushing back on claims that 2.1 million photos of government IDs were disclosed in the breach.
"First, as stated in our blog post, this was not a breach of Discord, but rather a third-party service we use to support our customer service efforts," Discord said in a statement.
"Second, the numbers being shared are incorrect and part of an attempt to extort a payment from Discord. Of the accounts impacted globally, we have identified approximately 70,000 users that may have had government-ID photos exposed, which our vendor used to review age-related appeals."
"Third, we will not reward those responsible for their illegal actions."
Hackers claiming responsibility for the incident reported to BleepingComputer that they had accessed Discord’s Zendesk instance for nearly 58 hours starting September 20, 2025. The attackers also said the breach occurred through a compromised account belonging to a support agent employed by a business process outsourcing (BPO) provider used by Discord.
The group alleged that the internal Zendesk tool, Zenbar, enabled them to turn off multi-factor authentication, view user data, and download support ticket information. They claimed to have stolen around 1.6 terabytes of data, including about 1.5 TB of ticket attachments and over 100 GB of transcripts, affecting approximately 5.5 million users.
According to the hackers, the data includes user emails, Discord usernames and IDs, phone numbers, dates of birth, and limited payment information. They also claimed that around 70,000 government ID photos may have been exposed.
The attackers reportedly demanded $5 million in ransom, later reducing it to $3.5 million, and threatened to leak the data after Discord refused to pay. BleepingComputer noted that it could not independently verify the hackers’ claims or the authenticity of the samples.
But Discord’s hackers aren’t the only ones making a splash.
Who Are The Hackers Behind The Red Hat Consulting Breach?
The world of cybercrime just got a little more crowded and a lot more connected. The group behind the recent Red Hat Consulting breach, Crimson Collective, has now teamed up with the Scattered Lapsus$ Hunters, a network of hackers linked to several major global breaches.
Red Hat confirmed last week that its consulting division’s GitLab instance had been compromised. The attackers claim to have stolen 28,000 repositories containing source code and customer engagement reports (CERs). According to Crimson Collective, some of these files included sensitive infrastructure details from Red Hat’s clients, though this has not been independently verified.
What’s raising eyebrows is the partnership, as Scattered Lapsus$ Hunters is believed to include members of infamous cybercriminal groups like Scattered Spider, Lapsus$, and Shiny Hunters. The group is already linked to high-profile attacks on Salesforce and other major enterprises. Despite past arrests, the group seems to be expanding rather than fading away.
Shortly after the breach, Red Hat was listed on Scattered Lapsus$ Hunters’ Dark Web leak site under a new section titled “Other.” The listing stated that the breach occurred on September 13, included samples of stolen data, claimed the files held customer secrets such as access tokens, and set a ransom deadline of October 10.
“Compressed, it's a 570 GB ticking time bomb of your failures,” the post read.
Crimson Collective confirmed it carried out the breach and is using Scattered Lapsus$ Hunters’ leak site to pressure Red Hat for payment. The group declined to explain how it gained access to Red Hat’s GitLab instance but claimed there were “no observed technical or organizational measures” protecting the repositories.
Meanwhile, cybersecurity firm Rapid7 reported new Crimson Collective activity targeting AWS cloud environments using leaked access keys and misconfigured identity permissions. The group was observed stealing data and demanding ransom from multiple organizations in September.
AWS later confirmed that the incidents involved valid credentials and advised customers to use short-term access keys, restrict permissions, and regularly scan repositories for exposed credentials.
Red Hat has not yet commented on the ransom claims or the data posted on the leak site. While these two incidents did lead to ransom demands, they did not affect the companies’ day-to-day operations, which cannot be said of Asahi Group.
How Did A Cyber-Attack Disrupt Japan’s Largest Brewer, Asahi?
Japan’s largest brewing company, Asahi Group Holdings, confirmed that it was the target of a ransomware attack that disrupted operations at its Japan branch late last month. The incident halted ordering, shipping, and customer service systems, though international operations remained unaffected.
The company stated that it detected unauthorized access in late September and immediately set up an Emergency Response Headquarters to investigate the breach. “We confirmed that our servers were targeted by a ransomware attack,” Asahi said in a public announcement on October 3.
Cybercrime group Qilin later claimed responsibility for the attack, alleging it had stolen 27GB of data, including financial and employee records. According to the group’s dark web leak site, Qilin stole around 9323 files and published 29 photos of the stolen documents online. The files reportedly contain contracts, business data, and sensitive financial information.
In an update published this week, Asahi confirmed that some of the stolen data had surfaced online. “Subsequent investigations have confirmed that data suspected to have been subject to unauthorized transfer has been identified on the internet,” the company said. It added that it is still assessing the scope of the breach and will notify affected individuals and partners if any confirmed exposure is found.
The company emphasized that the impact was limited to its Japanese operations and that there was no indication of compromise across its global systems. Asahi also confirmed that its Japanese subsidiaries have resumed full or partial production, with shipments now back underway.
While investigations continue, cybersecurity experts note that Qilin ransomware has been active in targeting major corporations across multiple sectors, often leaking stolen data to pressure victims into paying ransoms.
From Discord’s third-party breach to Red Hat’s hacker alliance and Asahi’s ransomware ordeal, these incidents highlight how no industry is immune to cyber risks. Whether it’s social media platforms, software firms, or even a consumer brand, attackers continue to exploit weak links across ecosystems.
If you think you are secure enough, think again.
Do modern enterprise security strategies need a revamp with rising cyber incidents? What critical measures is your business taking to secure itself from cyber risks?
Let us know in the comment section below.
First published on Thu, Oct 9, 2025