A threat group calling itself "Scattered Lapsus$ Hunters" claims to have successfully breached the cybersecurity firm Resecurity, stealing alleged internal data including employee details and client lists. In response, Resecurity asserts that the attackers only accessed a deliberately deployed honeypot—a monitored, isolated environment filled with fabricated information designed to track and analyze malicious activity. The company states it first detected reconnaissance attempts in late November and subsequently set up this decoy system.
According to Resecurity, the honeypot contained over 28,000 synthetic consumer records and 190,000 fake payment transactions, all formatted to mimic real business data. The threat actors reportedly began automating data exfiltration from this decoy in December, generating hundreds of thousands of requests while using residential proxy networks. During this process, Resecurity claims to have collected intelligence on the attackers' methods and infrastructure, which it shared with law enforcement partners.
The threat actors posted screenshots allegedly from Resecurity's systems as proof of the breach, but the company maintains these came from the honeypot. While the group claims the attack was retaliation for Resecurity's attempts to investigate them, a spokesperson for the ShinyHunters subgroup denied involvement. The situation highlights the ongoing cat-and-mouse game between cybersecurity firms and the threat actors they monitor.
Read more...