The threat actors shared screenshots on Telegram as evidence of the alleged intrusion, claiming they obtained full access to internal chat logs, threat intelligence reports, and a complete client list. Among the leaked images was a screenshot of a Mattermost collaboration instance, which appeared to show discussions between Resecurity staff and Pastebin regarding the removal of malicious content. The group asserts that these files prove they successfully bypassed the firm’s security measures to extract genuine internal communications.
According to the group, the attack was a retaliatory move against Resecurity for allegedly attempting to infiltrate their community. The hackers, who use a name suggesting links between the ShinyHunters, Lapsus$, and Scattered Spider groups, claimed the firm tried to socially engineer them to gather intelligence on their operations. They specifically alleged that Resecurity employees posed as potential buyers for a stolen Vietnamese financial database to trick the group into providing samples and information.
GET 50% Discount for VPN/ANTIVIRUS SOFTWARE AT 911Cyber - CODE: bit5025
Resecurity maintains a different version of events, insisting that the data shown in the screenshots originated from a controlled environment. The company stated that the environment was a deliberately deployed honeypot used to track the tactics of threat actors. By providing fake data, the firm claims it was able to observe the group’s behavior without risking actual proprietary information or client confidentiality.
The situation is further complicated by conflicting reports regarding the identity of the attackers. Although the threat actors identify as the Scattered Lapsus$ Hunters, a spokesperson for the ShinyHunters group later contacted the media to distance themselves from this specific incident. While ShinyHunters has previously claimed affiliation with the Scattered Lapsus$ Hunters collective, they explicitly stated they had no involvement in this particular campaign against Resecurity.
Source: Hackers Claim To Hack Resecurity Firm Says It Was A Honeypot