Security News > 2024 > February > Crime gang targeted jobseekers across Asia, looted two million email addresses
Singapore-based infosec firm Group-IB has detected a group that spent the last two months of 2023 stealing personal info from websites operated by jobs boards and retailers websites across Asia.
The actors, dubbed "ResumeLooters" by Group-IB, used SQL injection and Cross-Site Scripting attacks to steal databases from the sites.
Group-IB believes the main goal was to steal admin credentials, but found no evidence the gang succeeded with that effort.
"The presence of this code on these pages does not necessarily imply that it was executed on every device. However, it does indicate the persistence of the attackers and their attempts to inject their XSS scripts into all possible input fields on the targeted websites. Group-IB has also found evidence that the XSS script was executed on some of the visitors' devices," noted Group-IB's infosec analysts.
Although all compromised websites were found at the end of 2023, Group-IB believes the attacks began as early as January of the same year.
Commands on the server led Group-IB to believe that the threat actors were attempting to gain shell access on target systems to download and execute additional payloads and hunt for additional data while in control of a victim's server.