Overview
- ShinyHunters posted screenshots on Telegram claiming full access to Resecurity systems and theft of chats, employee data, threat intel, and a client list.
- HackRead reviewed the images showing internal dashboards, tokens, and Mattermost chats and noted visible names appeared linked to Resecurity on LinkedIn.
- Resecurity told reporters the accessed systems were an isolated honeypot with synthetic employee accounts and fake apps, citing a December 24 blog detailing the setup.
- The firm says no production systems or real client data were affected and shared telemetry on attacker IPs and proxy failures, which it reported to law enforcement.
- ShinyHunters framed the operation as retaliation and mentioned working with the Devman ransomware group, while saying more information would be released.