“ResumeLooters Targeting Employment Agencies and Retail Companies in APAC Region for Data Theft”

A new threat actor known as ResumeLooters has been targeting employment agencies and retail companies in the Asia-Pacific region since early 2023, with the goal of stealing sensitive data. According to cybersecurity firm Group-IB, the hacking crew has compromised as many as 65 websites, resulting in the theft of over 2 million user data records, including email addresses and personal information.

The group uses SQL injection attacks to steal user databases containing names, phone numbers, emails, and employment history. The stolen data is then sold on Telegram channels for financial gain. Group-IB also discovered evidence of cross-site scripting infections on legitimate job search websites, which can lead to phishing attacks.

ResumeLooters is the second hacking group targeting the APAC region with SQL injection attacks, following the disclosure of GambleForce in late 2023. The compromised websites are primarily based in countries such as India, Taiwan, Thailand, and China, but compromises have also been reported in other countries.

The threat actor’s modus operandi involves using tools like sqlmap, BeEF, Metasploit, and dirsearch to carry out attacks and gather sensitive data. The campaign is financially motivated, as evidenced by the creation of Telegram channels to sell the stolen information.

Security researcher Nikita Rostovcev warns that these attacks highlight the importance of strong security practices and database management. Despite the prevalence of SQL attacks in the region, ResumeLooters’ persistence in exploiting vulnerabilities, including XSS attacks, is concerning.

Follow us on Twitter and LinkedIn for more exclusive content on cybersecurity and cybercrime.