Ethical Hacking News
Hackers claim Resecurity hack, firm says it was a honeypot
A cybersecurity firm has been targeted by hackers claiming to have breached its systems and stolen sensitive data. However, the company disputes the claims, stating that the alleged breach was actually a honeypot designed to attract and monitor the attackers.
Hackers claiming to be part of "Scattered Lapsus$ Hunters" (SLH) group published screenshots allegedly showing stolen Resecurity data. Resecurity disputes these claims, stating that the incident was a honeypot attack designed to monitor attackers. The company deployed a honeypot account to lure and analyze attackers without risking real data or infrastructure. The threat actor attempted to automate data exfiltration using residential proxy IP addresses. Resecurity shared intelligence with law enforcement, identifying servers used to automate the attack via residential proxies. The ShinyHunters spokesperson denied involvement in the incident, stating that other SLH group members were responsible for the claims. The incident highlights the need for robust cybersecurity defenses and effective communication between companies and law enforcement agencies.
Resecurity firm is claiming that hackers claiming to have breached their systems are actually just victims of an elaborate honeypot attack. The incident has raised questions about the nature of cybersecurity threats and how companies can protect themselves from such attacks.
According to a report by BleepingComputer, a cybersecurity news outlet, hackers claiming to be part of the "Scattered Lapsus$ Hunters" (SLH) group published screenshots on Telegram, allegedly showing stolen employee data, internal communications, threat intelligence reports, and client information. The hackers claimed that they had gained full access to Resecurity's systems and stole all internal chats and logs.
However, Resecurity disputes these claims, stating that the allegedly breached systems were actually a honeypot designed to attract and monitor the attackers. In a report published on December 24, Resecurity says it first detected a threat actor probing their publicly exposed systems on November 21, 2025.
The company states that its DFIR (digital forensic incident response) team identified reconnaissance indicators early and logged multiple IP addresses linked to the actor, including those originating from Egypt and Mullvad VPN services. In response, Resecurity deployed a "honeypot" account within an isolated environment that allowed the threat actor to log in and interact with systems containing fake employee, customer, and payment data while it was being monitored by researchers.
A honeypot is a deliberately exposed, monitored system or account designed to lure attackers, allowing them to be observed and analyzed without risking real data or infrastructure. Resecurity populated the honeypot with synthetic datasets designed to closely resemble real-world business data, including over 28,000 synthetic consumer records and over 190,000 synthetic payment transaction records.
The threat actor began attempting to automate data exfiltration in December, generating more than 188,000 requests between December 12 and December 24 while using large numbers of residential proxy IP addresses. During this activity, Resecurity collected telemetry on the attacker's tactics, techniques, and infrastructure.
In a statement, Resecurity says that they shared the intelligence with law enforcement as soon as they were available. The company claims that they identified servers used to automate the attack via residential proxies and shared the intelligence with law enforcement as well.
However, the ShinyHunters spokesperson has since told BleepingComputer that they were not involved in this activity and that it was other threat actors in the SLH hacking collective who made these claims. We have since updated our article to reflect that the ShinyHunters say they were not involved in this incident.
The incident highlights the importance of cybersecurity firms having robust defense mechanisms in place to protect against such attacks. It also underscores the need for transparency and communication between companies and law enforcement agencies when dealing with such incidents.
In conclusion, while hackers claiming to be part of the SLH group published screenshots of alleged Resecurity data breaches, the company disputes these claims, stating that the incident was actually a honeypot attack designed to monitor the attackers. The incident serves as a reminder of the need for robust cybersecurity defenses and effective communication between companies and law enforcement agencies.
The "Scattered Lapsus$ Hunters" group is a new threat actor that has been linked to several high-profile attacks in recent months. Their modus operandi involves using residential proxy IP addresses to automate attacks, making them difficult to track down. The incident highlights the ongoing cat-and-mouse game between cybersecurity firms and hackers.
As cybersecurity threats continue to evolve, it's essential for companies to stay vigilant and proactive in protecting themselves against such attacks. The incident serves as a reminder of the importance of having robust defense mechanisms in place, effective communication with law enforcement agencies, and transparency in reporting incidents.
In the future, it's likely that we'll see more instances of honeypot attacks being used by hackers to monitor their targets. As cybersecurity firms and law enforcement agencies adapt to these new tactics, we can expect to see a shift towards more sophisticated defense mechanisms and countermeasures.
In the meantime, companies must remain vigilant and proactive in protecting themselves against such threats. By staying informed about the latest trends and techniques used by hackers, and by having robust defense mechanisms in place, companies can reduce their risk of being targeted by such attacks.
The incident also highlights the importance of education and awareness when it comes to cybersecurity. As more people become involved in cybersecurity, there is a growing need for effective communication and education programs that teach individuals about the latest threats and techniques used by hackers.
By educating ourselves and others about cybersecurity, we can create a safer online environment for everyone. Whether you're a cybersecurity professional or just someone who wants to stay safe online, it's essential to be informed about the latest trends and techniques used by hackers.
In conclusion, while the incident involving Resecurity may seem like just another case of hackers targeting a company, it highlights the ongoing cat-and-mouse game between cybersecurity firms and hackers. As we move forward, it's essential for companies, law enforcement agencies, and individuals to stay vigilant and proactive in protecting themselves against such threats.
The future of cybersecurity is uncertain, but one thing is clear: the need for robust defense mechanisms, effective communication, and education will only continue to grow. By staying informed about the latest trends and techniques used by hackers, we can create a safer online environment for everyone.
Related Information:
https://www.ethicalhackingnews.com/articles/Recurity-Firm-Claims-Honeypot-Attack-Was-Not-Actual-Breach-ehn.shtml
https://www.bleepingcomputer.com/news/security/hackers-claim-resecurity-hack-firm-says-it-was-a-honeypot/
Published: Sat Jan 3 16:55:37 2026 by llama3.2 3B Q4_K_M
