Group-IB, a cybersecurity firm based in Singapore, recently uncovered a concerning threat group operating in Asia known as “ResumeLooters.” These cybercriminals were active during the final two months of 2023, targeting websites operated by job boards and retailers across the region.
Employing sophisticated techniques like SQL injection and Cross-Site Scripting (XSS) attacks, the ResumeLooters managed to breach databases on these websites, resulting in the theft of sensitive information. This includes over two million email addresses, as well as names, phone numbers, dates of birth, and even employment history.
While their primary targets were job search websites, the group also set their sights on e-commerce companies, some of which are popular in their respective markets. The attacks, although discovered towards the end of 2023, are believed to have commenced as early as January of the same year.
Interestingly, the cybercriminals injected XSS scripts into legitimate job search websites, embedding malicious code in the sites' web pages. While their main objective seemed to be obtaining admin credentials, there’s no concrete evidence to suggest they succeeded.
The majority of victims were located in the APAC region, with India, Taiwan, Thailand, and Vietnam being among the most affected countries. Group-IB’s investigation also uncovered a malicious server containing logs of various penetration testing tools favored by the threat actors.
Further analysis revealed that the email address associated with ResumeLooters led to Chinese-language Telegram accounts, indicating a potential connection to China. This aligns with findings that some comments in the attackers’ code were written in Chinese.
Overall, the activities of the ResumeLooters underscore the ongoing threat posed by cybercriminals in the digital landscape, emphasizing the importance of robust cybersecurity measures to safeguard sensitive data from malicious actors.