Group-IB, a prominent cybersecurity firm, has identified a significant malicious campaign named “ResumeLooters,” primarily targeting job search and retail websites across the Asia-Pacific region. This campaign, utilizing SQL injection and Cross-Site Scripting (XSS) attacks, successfully compromised at least 65 websites between November and December 2023.
“In less than two months, we have identified yet another threat actor conducting SQL injection attacks against companies in the Asia-Pacific region,” says Nikita Rostovcev, Senior Analyst at the Advanced Persistent Threat Research Team, Group-IB. “It is striking to see how some of the oldest yet remarkably effective SQL attacks remain prevalent in the region. However, the tenacity of the ResumeLooters group stands out as they experiment with diverse methods of exploiting vulnerabilities, including XSS attacks. Additionally, the gang’s attacks cover a vast geographical area.”
What you should know
- “ResumeLooters,” as dubbed by Group-IB, has targeted job search and retail websites in the Asia-Pacific region, with most victims located in India, Taiwan, Thailand, Vietnam, China, and Australia.
- The group stole over 2 million unique emails and other sensitive information, such as names, phone numbers, and employment history, from compromised databases. This stolen data was then offered for sale in Telegram channels.
- Operating since early 2023, ResumeLooters employs various penetration testing frameworks and open-source tools to execute its attacks, including sqlmap, Acunetix, and Metasploit.
- Despite primarily focusing on the Asia-Pacific region, compromised websites have been identified in other parts of the world, including Brazil, the USA, Turkey, and Russia.
Group-IB’s discovery of the ResumeLooters campaign highlights the growing threat of cyber attacks targeting businesses and individuals in the Asia-Pacific region. Given the group’s sophisticated tactics and widespread impact, organizations need defensive measures such as parameterized statements and regular security assessments to safeguard against such threats. The report serves as a reminder for heightened vigilance and proactive measures to mitigate the risks posed by malicious actors in the digital landscape.

