"The attackers' claims had already been highlighted by BleepingComputer. This media outlet reported that the group had published screenshots of what appeared to be internal communications and company information. It claimed that employee data, internal chat logs, threat reports, and customer information had been stolen. The group positions itself as a collaboration of several well-known threat actors, including ShinyHunters and Scattered Spider, although a spokesperson for ShinyHunters later told BleepingComputer that they were not involved in this specific action."
"According to Resecurity, the screenshots and datasets shown are part of a controlled environment set up specifically to mislead and observe attackers. The company says it observed suspicious reconnaissance activities on publicly accessible systems in November 2025. An isolated environment was then actively used in which fake accounts and realistic-looking but completely fabricated data were placed. BleepingComputer reports that Resecurity deliberately made an account available that the attackers could use to log in."
Resecurity denies a successful hack of production systems and reports that the exposed material came from a deliberately deployed honeypot containing entirely synthetic data. Suspicious reconnaissance was observed on public systems in November 2025, prompting placement of fake accounts and realistic-looking fabricated datasets in an isolated environment. Threat actors accessed an available honeypot account while their behavior was monitored. Hosted decoy data included tens of thousands of synthetic consumer files and large amounts of fictitious payment information formatted like real business data. Attackers attempted broader exfiltration in December, triggering extensive automated activity logging.
Read at Techzine Global
Unable to calculate read time
Collection
[
|
...
]