Notorious hacking collective returns - but researchers say they fell for a honeypot

• Scattered Lapsus$ Hunters resurfaced claiming a breach at Resecurity
• Resecurity revealed it was a honeypot, tricking SLH into stealing fake data and exposing their infrastructure
• Investigators now have IPs, linked accounts, and timestamps shared with law enforcement, raising prospects of arrests

After a few months in the dark, the infamous Scattered Lapsus$ Hunters (SLH) are back to their usual shenanigans. This time around, however, it would have been better for them to have remained hidden.

For those who are unaware of SLH, this is a hacking collective made from members of cybercriminal groups Scattered Spider, Lapsus$, and ShinyHunters.

They became widely popular in September 2025, when they claimed responsibility for a major breach at Jaguar Land Rover. This incident halted vehicle production worldwide and drew huge media attention, because of its scale and impact - materializing into one of the costliest attacks in UK history.