Overview
- Threat actors using the Scattered Lapsus$ Hunters name posted screenshots on Telegram claiming full access to Resecurity and the theft of chats, employee data, threat intelligence files, and a client list.
- Resecurity says the activity occurred in an isolated decoy environment seeded with synthetic datasets, fake apps, and dummy accounts, asserting no operational systems or client records were exposed.
- The company shared honeypot logs and screenshots with reporters that map the intruder’s activity and show occasional real IP leaks attributed to proxy failures.
- Resecurity says it reported collected network intelligence to law enforcement, and a foreign partner agency issued a subpoena request related to the actor’s infrastructure.
- BleepingComputer later reported a ShinyHunters spokesperson denied involvement, leaving the identity of the actor and the authenticity of the alleged breach unconfirmed.