Conflicting Narratives in Security Incident: Hackers Claim Resecurity Breach, Firm Says Honeypot
Published
Key Takeaways
- Contested Breach: Threat actors claim to have breached cybersecurity firm Resecurity, while the company maintains that the attackers accessed only a honeypot.
- Honeypot Defense: Resecurity states it detected initial reconnaissance and deployed an isolated environment with synthetic data to monitor the threat actors' activities.
- Attribution Claims: The attack was claimed by a group calling itself "Scattered Lapsus$ Hunters," yet ShinyHunters denied involvement.
A group of threat actors identifying as part of Scattered Lapsus$ Hunters (SLH) publicly claimed to have breached the internal systems of cybersecurity firm Resecurity in an alleged act of retaliation for the firm's social engineering attempts. In response, the company denied the hack and stated the attackers had hit an elaborate honeypot.
Hackers Allege to Be Scattered Lapsus$ Hunters
In a Telegram post, the attackers alleged they exfiltrated multiple sets of data and, as proof, published screenshots purporting to show internal collaboration channels. The reportedly stolen information includes:
- All internal chats and logs,
- Full employee data,
- Threat intel-related reports,
- A complete client list with details.
The post also said the attack was conducted with the help of the Devman Ransomware group. The ShinyHunters group stated it was not involved in this activity, even though it always claimed to be part of SLH.
Resecurity has refuted these Resecurity hack claims, stating that the attackers were intentionally lured into a pre-prepared honeypot and never accessed legitimate production systems or real customer data.Â
According to Resecurity, it detected the threat actor's reconnaissance activities in November 2025. The firm claims this monitoring led to the identification of the attackers' infrastructure, which was subsequently reported to law enforcement.
Implications of the Cyberattack Investigation
In their post, the attackers said the purported data breach was a retaliatory act for what they perceived as Resecurity's social engineering attempts to gather intelligence on their operations, alleging that the company pretended to be a buyer in the ShinyHunters Vietnam data sale.
While the hackers identifying as Scattered Lapsus$ Hunters group promise to release more information, the current evidence remains contested.Â
Last month, BreachForums (operated by ShinyHunters) reemerged as an admin. apologized for the honeypot confusion and claimed responsibility for the attack that the French government announced, which impacted over 16 million individuals.
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular