February 6, 2024 at 05:38AM
Group-IB, a Singapore-based cybersecurity firm, uncovered a new threat actor, ResumeLooters, targeting employment agencies and retail companies in the Asia-Pacific region. The group aims to steal sensitive data from job search platforms; it has compromised over 65 websites and collected millions of user data records. The stolen information is then sold on Telegram channels. This financially motivated campaign relies on SQL injection, cross-site scripting, and open-source tooling. The attacks highlight the significance of robust security measures in an evolving threat landscape.
According to the report, a previously undocumented threat actor known as ResumeLooters has been targeting employment agencies and retail companies in the Asia-Pacific (APAC) region since early 2023. Its main goal is to steal sensitive data, particularly by compromising job search platforms and stealing resumes. The group has targeted as many as 65 websites, resulting in the theft of 2,188,444 user data records, with over two million unique email addresses compromised.
The group's attack techniques include SQL injection and cross-site scripting (XSS) attacks, carried out with tools such as sqlmap, Metasploit, dirsearch, and xray. The stolen data is then put up for sale in Telegram channels, indicating a financial motivation behind the campaign.
The group’s attacks are fueled by poor security practices and inadequate database and website management, and the report highlights the group’s tenacity in experimenting with diverse methods of exploiting vulnerabilities.
The campaign underscores the urgency of addressing cybersecurity vulnerabilities within the APAC region.