Hackers Claim Resecurity Breach, Firm Calls It a Honeypot

Summary
– Threat actors known as “Scattered Lapsus$ Hunters” claim to have breached cybersecurity firm Resecurity, alleging they stole employee data, internal communications, and client information.
– Resecurity disputes the breach, stating the accessed system was a monitored honeypot containing fake data deployed to study the attackers’ methods.
– The attackers say their actions were retaliation against Resecurity for what they claim were social engineering attempts to infiltrate their group.
– Resecurity reports it collected intelligence on the attacker’s infrastructure and tactics during the incident and shared this information with law enforcement.
– The ShinyHunters group, often associated with Scattered Lapsus$ Hunters, has separately stated they were not involved in this specific attack.

A recent claim by a hacking group to have breached a prominent cybersecurity firm has been met with a firm rebuttal, framing the incident as a successful intelligence-gathering operation. Threat actors identifying as “Scattered Lapsus$ Hunters” (SLH) announced they had compromised the systems of Resecurity, alleging they stole sensitive internal data including employee details, client lists, and internal communications. As proof, the group shared screenshots on Telegram, one of which appeared to show communications between Resecurity staff and Pastebin regarding malicious content. The actors stated the attack was retaliation, accusing Resecurity employees of attempting to socially engineer the group by posing as buyers during a data sale.
However, Resecurity presents a starkly different narrative. The company asserts that the accessed systems were not part of its operational infrastructure but were a deliberately deployed honeypot. According to a report published by the firm, its team first detected reconnaissance activity in late November. In response, they created an isolated environment with a fake account, populating it with synthetic data designed to mimic real business information. This included over 28,000 fabricated consumer records and more than 190,000 synthetic payment transaction records generated to resemble Stripe API data.
The company reports that the threat actor took the bait, logging into the honeypot and subsequently attempting to automate data exfiltration. During this monitored activity, which generated hundreds of thousands of requests, Resecurity says it collected significant telemetry on the attacker’s methods. The firm claims the operation led to multiple operational security failures by the attacker, including the brief exposure of confirmed IP addresses due to proxy failures. This intelligence, they state, was shared with law enforcement partners, leading to a subpoena request regarding the threat actor.
In a new Telegram post following the publication of these details, the hacking group dismissed Resecurity’s explanation as “damage control” and promised more information would be released soon. Notably, a spokesperson for the ShinyHunters group, often associated with the SLH moniker, has since clarified they were not involved in this specific activity. The situation highlights the ongoing cat-and-mouse game in cybersecurity, where claims of major breaches are sometimes revealed to be controlled counterintelligence efforts.
(Source: Bleeping Computer)





