Connect with us

Hi, what are you looking for?

Crime

Crime gang targeted jobseekers across Asia, looted two million email addresses

Group-IB, a cybersecurity firm based in Singapore, recently uncovered a concerning threat group operating in Asia known as “ResumeLooters.” These cybercriminals have been active for the past two months of 2023, targeting websites operated by job boards and retailers across the region.

Employing sophisticated techniques like SQL injection and Cross-Site Scripting (XSS) attacks, the ResumeLooters managed to breach databases on these websites, resulting in the theft of sensitive information. This includes over two million email addresses, as well as names, phone numbers, dates of birth, and even employment history.

While their primary targets were job search websites, the group also set their sights on e-commerce companies, some of which are popular in their respective markets. The attacks, although discovered towards the end of 2023, are believed to have commenced as early as January of the same year.

Interestingly, the cybercriminals utilized XSS scripts on legitimate job search websites, embedding malicious code into web pages to carry out their nefarious activities. While their main objective seemed to be obtaining admin credentials, there’s no concrete evidence to suggest they succeeded in this endeavor.

The majority of victims were located in the APAC region, with India, Taiwan, Thailand, and Vietnam being among the most affected countries. Group-IB’s investigation also uncovered a malicious server containing logs of various penetration testing tools favored by the threat actors.

Further analysis revealed that the email address associated with ResumeLooters led to Chinese-language Telegram accounts, indicating a potential connection to China. This aligns with findings that some comments in the attackers’ code were written in Chinese.

Overall, the activities of the ResumeLooters underscore the ongoing threat posed by cybercriminals in the digital landscape, emphasizing the importance of robust cybersecurity measures to safeguard sensitive data from malicious actors.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Business

Shareholders made significant decisions on Thursday regarding the leadership of Norfolk Southern, one of the largest railroads in the United States. While three of...

Technology

Apple is gearing up for a significant refresh of its iPad lineup in 2024, starting with the anticipated launch of the iPad Pro in...

Business

Microsoft Teams had a major hiccup on Friday, causing disruptions and various issues for users. The problem started around 11 a.m. EST and quickly...

Entertainment

Olivia Rodrigo’s Guts World Tour is gaining attention not only for her musical prowess but also for her distinctive fashion choices on stage. Styled...