Resecurity honeypot
November 21, 2025
•[ honeypot, data leak, threat intelligence ]
Threat actors identifying as 'Scattered Lapsus$ Hunters' claimed they had gained full access to Resecurity systems and stolen employee data, internal chats/logs, threat intelligence reports, and client lists, posting screenshots on Telegram. Resecurity denied that its production environment was breached and said the actor interacted with an isolated honeypot account and systems populated with synthetic (fabricated) customer, employee, and payment data. Resecurity reported it first detected suspicious probing activity on November 21, 2025 and monitored subsequent automated extraction attempts against the decoy environment, treating the incident as an intrusion attempt rather than a confirmed compromise of real systems/data.
