TZUTC: -0500   
   MSGID: 1926.consprcy@1:2320/105 2dc3bc80   
   PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   FORMAT: flowed   
   Notorious hacking collective returns - but researchers say they fell for a   
   honeypot   
      
   Date:   
   Tue, 06 Jan 2026 16:25:00 +0000   
      
   Description:   
   Scattered Lapsus$ Hunters fell for a honeypot and exposed IP addresses and   
   other valuable data.   
      
   FULL STORY   
      
   After a few months in the dark, the infamous Scattered Lapsus$ Hunters (SLH)   
   are back to their usual shenanigans. This time around, however, it would have   
   been better for them to have remained hidden.    
      
   For those who are unaware of SLH, this is a hacking collective made from   
   members of cybercriminal groups Scattered Spider, Lapsus$, and ShinyHunters.    
      
   They became widely popular in September 2025, when they claimed    
   responsibility for a major breach at Jaguar Land Rover. This incident halted   
   vehicle production worldwide and drew huge media attention, because of its   
   scale and impact - materializing into one of the costliest attacks in UK   
   history.   
      
   The 'gotcha' moment    
      
   Soon after, they announced their withdrawal, most probably to get out of the   
   spotlight. Earlier this week, though, they announced breaking into the   
   cybersecurity company Resecurity:    
      
   "We would like to announce that we have gained full access to Resecurity   
   systems. We took everything," SLH said on Telegram, Cybernews reports. They   
   said Resecurity got "fully owned," losing internal chats, employee data,   
   client lists, and other sensitive information.   
      
   But it seems they fell for a rather sophisticated bait. Resecurity said that   
   this was, in fact, a honeypot filled with fake accounts, fake data, and fake   
   content:    
      
   "Following our publication, the group called ShinyHunters, previously profiled   
   by Resecurity, fell into a honeypot. In fact, we are dealing with its   
   rebranded version, which calls itself SLH due to the alleged overlap between   
   the threat actors ShinyHunters, Lapsus$, and Scattered Spider," the company   
   said.    
      
   "The group claimed that it has gained full access to Resecurity systems, which   
   is a clear overstatement, as the honeypot environment prepared by us did not   
   contain any sensitive information."   
      
   The ramifications are quite severe for SLH. Resecurity has now exposed the IP   
   addresses they use and were even able to identify the actor and link one of   
   his active Gmail accounts to a US-based phone number and a Yahoo account. Its   
   not full-blown doxxing, but it is the next best thing.    
      
   The activity has been imaged and retained, including exact timestamps and   
   network connections, which have been shared with law enforcement.    
      
   Now, lets see if this development leads to any arrests and if, as some   
   researchers claim, the group has minors as members.    
      
    Via Cybernews    
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/notorious-hacking-collective-returns-bu   
   t-researchers-say-they-fell-for-a-honeypot   
      
   $$   
   --- SBBSecho 3.28-Linux   
    * Origin: Capitol City Online (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700   
   SEEN-BY: 226/30 227/114 229/110 134 206 275 300 307 317 400 426 428   
   SEEN-BY: 229/470 664 700 705 266/512 291/111 320/219 322/757 342/200   
   SEEN-BY: 396/45 460/58 633/280 712/848 902/26 2320/0 105 304 3634/12   
   SEEN-BY: 5075/35   
   PATH: 2320/105 229/426