Work businesses and retail organizations chiefly located in the Asia-Pacific (APAC) area have been targeted by a previously undocumented threat actor recognized as ResumeLooters because early 2023 with the aim of stealing delicate information.
Singapore-headquartered Group-IB explained the hacking crew’s activities are geared in direction of job search platforms and the theft of resumes, with as a lot of as 65 sites compromised concerning November 2023 and December 2023.
The stolen data files are estimated to include 2,188,444 person knowledge data, of which 510,259 have been taken from career lookup sites. More than two million unique email addresses are present in the dataset.
“By using SQL injection attacks towards internet sites, the threat actor attempts to steal consumer databases that might involve names, phone numbers, emails, and DoBs, as nicely as information and facts about work seekers’ working experience, work background, and other delicate own data,” security researcher Nikita Rostovcev explained in a report shared with The Hacker Information.
“The stolen details is then put up for sale by the threat actor in Telegram channels.”
Team-IB claimed it also uncovered evidence of cross-web page scripting (XSS) bacterial infections on at minimum 4 respectable career search websites that are built to load malicious scripts accountable for displaying phishing pages able of harvesting administrator credentials.
ResumeLooters is the 2nd group just after GambleForce that has been discovered staging SQL injection attacks in the APAC location since late December 2023.
A majority of the compromised web-sites are dependent in India, Taiwan, Thailand, Vietnam, China, Australia, and Turkey, though compromises have also been noted from Brazil, the U.S., Turkey, Russia, Mexico, and Italy.
The cybersecurity company’s examination of the danger actor’s infrastructure reveals the presence of other applications like Metasploit, dirsearch, and xray, together with a folder hosting the pilfered facts.
The marketing campaign seems to be financially determined, presented the point that ResumeLooters have established up two Telegram channels named 渗透数据中心 and 万国数据阿力 last 12 months to provide the details.
“ResumeLooters is nevertheless a different illustration of how a great deal injury can be produced with just a handful of publicly accessible resources,” Rostovcev claimed. “These attacks are fueled by poor security as perfectly as insufficient databases and web-site administration practices.”
“It is hanging to see how some of the oldest but remarkably efficient SQL attacks continue to be prevalent in the region. On the other hand, the tenacity of the ResumeLooters team stands out as they experiment with numerous approaches of exploiting vulnerabilities, including XSS attacks.”
Uncovered this report interesting? Observe us on Twitter and LinkedIn to browse a lot more unique content material we article.
Some areas of this posting are sourced from: