"The company's Hunter unit set the trap in November 2025 after catching the group formerly known as ShinyHunters probing its public-facing services and applications, according to a Christmas Eve blog post. "Understanding that the actor is conducting reconnaissance, our team has set up a honeytrap account," Resecurity's threat intelligence unit said on December 24. "This led to a successful login by the threat actor to one of the emulated applications containing synthetic data.""
"On January 3, the cybercrime crew claimed via Telegram that it had gained "full access" to Resecurity's systems and stolen "everything," which they said included internal chats and logs, employee data, threat intelligence reports and management files, and client information. "For months, REsecurity has been trying to social engineer us and groups we know," the post said. This, it turns out, was more social engineering on the part of Resecurity's crew."
Resecurity's Hunter unit set a honeytrap in November 2025 after detecting the group formerly known as ShinyHunters probing public-facing services and applications. The trap included emulated applications, fake employee accounts (including a planted "Mark Kelly" account with mark@resecurity.com), synthetic datasets of 28,000 consumer records and over 190,000 fabricated payment transactions, and seeded messages. The threat actor successfully logged into an emulated application containing synthetic data. The actor later claimed via Telegram on January 3 to have "full access" and to have stolen "everything," including internal chats, logs, employee and client information. Resecurity observed the activity, trolled the criminals, and a subpoena was issued for one data thief.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]