February 8, 2024 at 11:08PM
Singapore-based cyber security firm Group-IB uncovered a group, dubbed “ResumeLooters,” operating across Asia, stealing sensitive data using SQL injection and XSS attacks. The victims were mainly job search websites and e-commerce companies in Asia, with evidence showing the attacks beginning as early as January 2023. The attackers attempted to gain shell access and store stolen data for sale.
Key Takeaways from the Meeting Notes:
– Singapore-based infosec firm Group-IB has uncovered a group named “ResumeLooters” responsible for stealing personal information from job boards and retailer websites in Asia.
– The group used SQL injection and XSS attacks to obtain over two million email addresses, as well as names, phone numbers, dates of birth, and employment history.
– The initial victims were mainly job search websites, and the group also focuses on selling stolen data from recruiting agencies and e-commerce companies.
– While SQL injection was the main technique used, the threat actors also utilized XSS scripts on legitimate job search websites to steal information from victims.
– Group-IB believes the attacks began as early as January 2023 and were primarily targeted at the APAC region, with a significant number of websites compromised in India, Taiwan, Thailand, and Vietnam.
– The threat actors’ server contained logs of multiple penetration testing tools, indicating their attempts to gain access to target systems and hunt for additional data.
– The threat actors utilized Chinese-language Telegram accounts to list the stolen data for sale, and many comments in the code were made in Chinese, hinting at the attackers’ origins.
– Group-IB believes the threat actors targeted their home region, possibly indicating their familiarity with the area.
These are the key points distilled from the meeting notes. Please let me know if there’s anything else you need to be addressed.