Ethical Hacking News
Rescurity claims that hackers who breached its systems were actually just trying to test its security measures, not steal sensitive data.
The cybersecurity firm Resecurity was allegedly breached by hackers claiming to be the "Scattered Lapsus$ Hunters." The hackers claimed to have stolen sensitive data, but Resecurity disputes these claims, stating that the breach was actually a test of their security measures. Rescurity deployed a honeypot account to lure and monitor the hackers, collecting telemetry on their tactics, techniques, and infrastructure (TTPs). The incident highlights the importance of honeypots in cybersecurity, allowing firms to gather intelligence on threat actors without risking real data or infrastructure. The ShinyHunters group claims not to be involved in the attack, adding complexity to the situation and emphasizing the need for cybersecurity vigilance.
Resecurity, a cybersecurity firm, recently found itself at the center of controversy following a claim from hackers that they had breached the company's systems and stolen sensitive data. The hackers, who identified themselves as the "Scattered Lapsus$ Hunters," claimed to have gained access to Resecurity's internal communication channels, employee data, threat intelligence reports, and client information.
However, Resecurity has since disputed these claims, stating that the allegedly breached systems were actually a honeypot designed to attract and monitor the hackers. According to Rescurity, the firm had first detected a threat actor probing their publicly exposed systems in November 2025. The company's Digital Forensics Incident Response (DFIR) team identified reconnaissance indicators early on, including multiple IP addresses linked to the actor.
Resecurity responded by deploying a honeypot account within an isolated environment that allowed the threat actor to log in and interact with systems containing fake employee, customer, and payment data. The company populated this honeypot with synthetic datasets designed to closely resemble real-world business data, including over 28,000 synthetic consumer records and over 190,000 synthetic payment transaction records.
During this activity, Resecurity claims that it collected telemetry on the attacker's tactics, techniques, and infrastructure (TTPs). The firm also reported that the threat actor attempted to automate data exfiltration in December, generating more than 188,000 requests between December 12 and December 24 while using large numbers of residential proxy IP addresses.
The Scattered Lapsus$ Hunters claimed to have stolen employee data, internal communications, threat intelligence reports, and client information. However, Resecurity disputes these claims, stating that the alleged breach was actually a test of their security measures. The company says it has been monitoring the hackers' activity and plans to share its findings with law enforcement.
This incident highlights the importance of honeypots in cybersecurity. Honeypots are deliberately exposed systems or accounts designed to lure attackers, allowing them to be observed and analyzed without risking real data or infrastructure. By using a honeypot, Rescurity was able to gather intelligence on the threat actors' TTPs and improve its own security measures.
The ShinyHunters group, who claim to be part of the Scattered Lapsus$ Hunters, has stated that they were not involved in this attack. This development adds another layer of complexity to the situation, as it is unclear whether the Scattered Lapsus$ Hunters' claims are entirely legitimate or if there is an ongoing dispute between the groups.
In any case, this incident serves as a reminder of the importance of cybersecurity in protecting sensitive data and preventing breaches. As threat actors continue to evolve and adapt their tactics, firms like Resecurity must stay vigilant and continually improve their security measures to stay ahead of the threats.
Related Information:
https://www.ethicalhackingnews.com/articles/Honeypot-Hysteria-Resecurity-Breach-Claimed-by-Hackers-Firm-Denies-Allegations-ehn.shtml
https://www.bleepingcomputer.com/news/security/hackers-claim-resecurity-hack-firm-says-it-was-a-honeypot/
https://hackread.com/resecurity-shinyhunters-honeypot-breach/
Published: Sat Jan 3 17:06:02 2026 by llama3.2 3B Q4_K_M
