Teenage Cyber Gangs Tricked by Synthetic Data: Inside the Honeypot Sting That Exposed Scattered Lapsus$ Hunters
Subtitle: Security researchers outsmart notorious hacking crew with a clever blend of fake and real breached data, raising new questions about the ethics of digital deception.
On a chilly December night, a group of hackers boasting about their latest conquest didn’t realize they’d just walked into a digital trap. Their prey? Not a Fortune 500 company, but a security research firm, Resecurity, whose calculated counterattack laid bare the inner workings of a cybercrime crew with ties to some of the most infamous breaches of recent years.
Fast Facts
- Resecurity snared members of Scattered Lapsus$ Hunters using a honeypot laced with synthetic and previously leaked data.
- The operation targeted hackers linked to overlapping groups: Lapsus$, ShinyHunters, and Scattered Spider.
- Researchers used AI-generated content and old breached records to make their bait irresistible and realistic.
- The sting led to the identification of attackers’ online accounts and a US-based phone number, now in law enforcement hands.
- The use of real stolen data in honeypots raises ethical debates within the cybersecurity community.
The story began when Resecurity detected suspicious reconnaissance on its network: an attacker poking around, likely seeking sensitive company information. Instead of tightening the digital hatches and shutting the actor out, the security team set a trap: a honeypot, meticulously designed to mimic a treasure trove of valuable data.
But this wasn’t just any fake. Resecurity’s bait combined AI-generated “synthetic data” with old, already-breached records sourced from the dark web. The result? A convincing stash of consumer and payment information, complete with fabricated messages and accounts, enough to fool even advanced threat actors.
Within weeks, members of a loosely connected hacking syndicate, known as Scattered Lapsus$ Hunters and linked to the notorious Lapsus$, ShinyHunters, and Scattered Spider groups, took the bait. The group, part of a larger English-speaking cybercrime scene dubbed “The Com” and often composed of teenagers, bragged online about their supposed breach of Resecurity. They even posted screenshots as proof, unwittingly revealing their interaction with the decoy system and leaving digital fingerprints behind.
Resecurity used social engineering to further interact with the attackers, ultimately tracing them to specific email accounts and a US phone number. The findings have since been passed to law enforcement, potentially putting a dent in the group’s future operations.
Yet the operation raises an uncomfortable question: is it ethical for defenders to use real, albeit outdated and publicly leaked, personal data as bait? Resecurity argues that mixing fake and real data is essential to fool sophisticated attackers, emphasizing that none of the lures involved customer information. “Bad actors do not operate under ethical constraints,” the company stated, justifying their tactics as a necessary evil in the fight against cybercrime.
As cybercriminals grow younger and more audacious, defenders are forced to innovate, sometimes blurring the lines between offensive and defensive tactics. For now, Resecurity’s sting stands as a rare victory in a digital cat-and-mouse game, but it’s a reminder that in the shadows of the internet, trust is always in short supply, and the hunters may find themselves hunted.
WIKICROOK
- Honeypot: A honeypot is a fake system set up to attract cyber attackers, enabling organizations to study attack methods without endangering real assets.
- Synthetic Data: Synthetic data is artificially created information that mimics real data, used for testing, research, and privacy protection when real data can't be used.
- PII (Personally Identifiable Information): PII is any information that can identify a person, like a name, address, or social security number, and must be protected to ensure privacy.
- Dark Web: The Dark Web is the hidden part of the Internet, accessible only with special software, where illegal activities often take place and anonymity is guaranteed.
- Social Engineering: Social engineering is the use of deception by hackers to trick people into revealing confidential information or providing unauthorized system access.




