“We would like to announce that we have gained full access to Resecurity systems,” the threat actors reportedly said in a Telegram post. “For months, REsecurity has been trying to social engineer us and groups we know. When ShinyHunters put the Vietnam financial system database up for sale, their staff pretended to be buyers to get free samples and more info from us.”
As proof, the threat actors had attached screenshots of Resecurity employees’ internal communication in a Mattermost collaboration instance.
What Resecurity says really happened
According to Resecurity, its security teams observed reconnaissance activity targeting externally exposed services before the attackers made their claims public. In response, the company said it steered the activity toward a honeypot environment populated with synthetic data designed to resemble internal systems.
The honeypot included fabricated consumer records and simulated payment data structured to appear realistic while remaining fully isolated from Resecurity’s production environment. The company said this allowed the attackers to believe they had gained meaningful access, while enabling defenders to monitor activity without exposing real data.
