ShinyHunters Allegedly Breached Resecurity, but May Have Walked into a Honeypot – DataBreaches.Net

Update: A representative from ShinyHunters has reached out to DataBreaches to assert that credit for the recent breach should be attributed to SLH.

In a recent announcement posted on the SLSH Telegram channel, the group claimed to have gained complete access to REsecurity’s systems. According to the statement, ShinyHunters claimed responsibility for extracting an extensive range of sensitive information, including all internal communications, full employee data (such as names, emails, and tokens), as well as detailed threat intelligence reports, scrapes, management files, and a comprehensive client list. They alleged that this breach was not a mere act of opportunism, citing months of what they characterized as social engineering attempts by REsecurity aimed at infiltrating their operations.

Specifically, ShinyHunters accused REsecurity of attempting to manipulate them by posing as potential buyers during the attempted sale of a database related to the Vietnamese financial system. They criticized REsecurity for marketing themselves as a protective measure against cyber threats while executing questionable tactics, ultimately stating that the company was fully compromised, similar to other entities that have previously faced breaches by groups like CrowdStrike and the FBI.

In response, DataBreaches reached out to REsecurity for clarification regarding the claims made by ShinyHunters. REsecurity directed inquiries to a recent article discussing honeypots and synthetic data as new strategies for cyber deception. When questioned about the legitimacy of the data accessed by SLH, REsecurity confirmed that it was indeed part of a controlled honeypot operation designed to monitor malicious activity. They clarified that the honeypot was engineered to log the actions of intruders, using specially designed accounts controlled by the company’s team, and emphasized that there was no impact on customers or internal operations as a result of this breach.

Clarifying further, REsecurity noted that they monitored SLH’s activities closely and provided them with a honeytrap account that contained no significant information. They also disclosed the logged IP addresses associated with the breach, reinforcing their control over the situation.

For those considering the ramifications of this incident, it’s essential to analyze the tactics that may have been employed during the attack, referencing the MITRE ATT&CK framework. Initial access through social engineering, and evasion to maintain persistence, are among the tactics that could be considered, highlighting the sophistication of modern cyber threats.

Before any assertions are made regarding SLH’s claims, stakeholders in the cybersecurity community are advised to carefully review REsecurity’s detailed report and await further clarification from the firm. It’s important to approach claims from various actors in the cybersecurity landscape with a critical lens, given the complexities of deception in cyber operations.

DataBreaches has also attempted communication with ShinyHunters for comments regarding REsecurity’s assertions. While an immediate response was not available, an anonymous source contacted DataBreaches via Signal, offering client data and AI chat logs to substantiate claims that SLH had indeed acquired real data. This situation continues to evolve and will be monitored closely.
