Cyberdefense firm Resecurity Inc. has denied a claim from infamous hacking group ShinyHunters that it had been hacked, instead saying that the attackers were fooled by a deliberately deployed honeypot filled with synthetic data.
The drama over the alleged hack began after a Telegram account from “Scattered Lapsus$ Hunters,” an umbrella alias reportedly linked to ShinyHunters, LAPSUS$ and Scattered Spider ransomware affiliates, claimed to have full access to Resecurity’s internal systems. The threat actors asserted they had exfiltrated employee records, internal chat logs, threat intelligence reports, client lists, tokens and more from Resecurity.
According to Bleeping Computer, the Telegram message also alleged the activity was partially motivated by what the group described as Resecurity’s earlier social-engineering efforts on dark web forums.
In response to the claim, Resecurity denied the allegation on X Inc. and pointed to a Dec. 24 blog post outlining how the company uses synthetic data and deception-based honeypots to identify, monitor and study threat actor behavior without exposing real systems or customer information.
Resecurity explains in the blog post that it deliberately deployed isolated environments designed to look authentic to attackers but populated entirely with fabricated data. The environments are intentionally separated from production infrastructure and contain fake user accounts, synthetic transaction records and decoy applications intended to lure adversaries into revealing their tactics.
In the case of the claimed breach, Resecurity explains how suspicious reconnaissance activity was detected in late 2025 and prompted its digital forensics and incident response team to activate a honeytrap account within a controlled environment. The attackers were allowed to interact with the system under close monitoring, generating telemetry and behavioral intelligence while never touching real internal assets.
The company says the data accessed by the attackers, including what appeared to be employee names, internal files and credentials, was entirely synthetic and created specifically for deception purposes, and that no real credentials, customer data or other information was stolen.
Resecurity noted that the incident is a good example of active cyber defense, one where deception techniques are used not just to protect assets but also to gather intelligence on emerging threat groups. The company added that the interaction in this case also provided valuable insight into the methods and tooling used by actors associated with ShinyHunters and related groups.
