
"The company said it set up a honeytrap account populated with fake data designed to resemble real-world business data and planted a fake account on an underground marketplace for compromised credentials after it uncovered a threat actor attempting to conduct malicious activity targeting its resources in November 2025 by probing various publicly facing services and applications. The threat actor is also said to have targeted one of its employees who had no sensitive data or privileged access."
"'This led to a successful login by the threat actor to one of the emulated applications containing synthetic data,' it said. 'While the successful login could have enabled the actor to gain unauthorized access and commit a crime, it also provided us with strong proof of their activity. Between December 12 and December 24, the threat actor made over 188,000 requests attempting to dump synthetic data.'"
Resecurity set up a honeytrap account populated with synthetic business data and planted a fake account on an underground marketplace for compromised credentials. The company detected a threat actor probing publicly facing services and applications in November 2025 and targeting an employee with no sensitive data or privileged access. The actor achieved a successful login to an emulated application containing synthetic data and made more than 188,000 requests between December 12 and December 24 attempting to dump that data. The threat post was removed from Telegram on January 4, 2025. Resecurity linked an active Gmail account used by the actor to a U.S.-based phone number and a Yahoo account. CYFIRMA reports the collective has resurfaced, recruiting initial access brokers and insider collaborators.
Read at The Hacker News