Security News > 2024 > February > ResumeLooters target job search sites in extensive data heist

Group-IB identified a large-scale malicious campaign primarily targeting job search and retail websites of companies in the Asia-Pacific region.

ResumeLooters is confirmed to have stolen several databases containing 2,079,027 unique emails and other records, such as names, phone numbers, dates of birth, and information about job seekers' experience and employment history.

The stolen data was then offered for sale by ResumeLooters in Telegram channels.

As a result, the gang injected malicious SQL queries into 65 job search, retail, and other websites and retrieved a total of 2,188,444 rows, of which 510,259 were user data from employment websites.

"In less than two months, we have identified yet another threat actor conducting SQL injection attacks against companies in the Asia-Pacific region," says Nikita Rostovcev, Senior Analyst at the Advanced Persistent Threat Research Team, Group-IB. "It is striking to see how some of the oldest yet remarkably effective SQL attacks remain prevalent in the region. However, the tenacity of the ResumeLooters group stands out as they experiment with diverse methods of exploiting vulnerabilities, including XSS attacks. Additionally, the gang's attacks cover a vast geographical area," Rostovcev continued.

In addition to SQL injection attacks, they have successfully executed XSS scripts on at least four legitimate job search websites.

News URL

https://www.helpnetsecurity.com/2024/02/06/resumelooters-target-job-search-sites-data-heist/