The hacking collective identified as “ResumeLooters” has stolen personal information from more than two million job seekers by exploiting security weaknesses in 65 legitimate job listing and retail platforms.
Concentrating their efforts on the Asia-Pacific (APAC) region, the threat group specifically targeted countries including Australia, Taiwan, China, Thailand, India, and Vietnam. The compromised data includes names, email addresses, phone numbers, employment records, educational backgrounds, and other personal information of job seekers.
ResumeLooters used SQL injection and XSS to compromise sites, attempting to sell stolen data on Telegram.
The attackers employed sophisticated techniques, utilising SQL injection and cross-site scripting (XSS) attacks to compromise the targeted sites. Cybersecurity firms that have been monitoring ResumeLooters since its inception revealed that the attackers attempted to sell the stolen data through Telegram channels in November 2023.
ResumeLooters executed their attacks with a combination of open-source tools, including SQLmap for automating the detection and exploitation of SQL injection flaws, Acunetix for web vulnerability scanning, and Metasploit for developing and executing exploit code against targets. The threat group also utilised custom attack techniques, such as creating fake employer profiles and posting fraudulent CV documents containing XSS scripts.
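The stored-XSS route described above (script content planted in employer profiles and CV documents) works wherever a site writes submitted text into a page without encoding it. The following is an added example, not code from the original article or from any affected site; the field names, function names and sample record are hypothetical and constructed for illustration. It shows the unsafe rendering next to the encoded one, plus a triage check for submitted fields.

```javascript
// Added example: stored XSS through a job-board profile field, and the fix.
// Field names and the sample record are constructed for illustration.

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode text for an HTML element body or a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: submitter-controlled strings are concatenated into markup,
// so any tag in them runs in the browser of whoever opens the record.
function renderProfileUnsafe(p) {
  return `<div class="profile"><h2>${p.company}</h2><p>${p.about}</p></div>`;
}

// Hardened: every untrusted field is encoded at output time.
function renderProfileSafe(p) {
  return `<div class="profile"><h2>${escapeHtml(p.company)}</h2><p>${escapeHtml(p.about)}</p></div>`;
}

// Triage helper: list fields that carry active markup so the submission
// can be held for review. This is a signal, not a replacement for encoding.
const ACTIVE_MARKUP = /<\s*(script|iframe|object|embed|svg)\b|\bon[a-z]+\s*=|javascript:/i;
function flagSuspiciousFields(record) {
  return Object.keys(record).filter((k) => ACTIVE_MARKUP.test(String(record[k])));
}

// Constructed sample: a fake employer profile with a script tag in one field.
const sampleProfile = {
  company: "Example Recruiting Ltd",
  about: 'Hiring now <script src="https://example.invalid/x.js"></script>',
  contact: "hr@example.invalid",
};

console.log(renderProfileUnsafe(sampleProfile).includes("<script")); // true
console.log(renderProfileSafe(sampleProfile).includes("<script"));   // false
console.log(flagSuspiciousFields(sampleProfile));                    // [ 'about' ]
```

Output encoding is the control that stops the script from running; the flagging function only helps reviewers spot planted records such as the fake profiles described above.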
Security researchers noted an operational security mistake by the attackers, which allowed the cybersecurity firm to infiltrate the database hosting the stolen data. This revealed that the attackers had managed to establish administrator access on some of the compromised sites.
The threat group operates with a clear financial motive, attempting to sell the stolen data to other cybercriminals through at least two Telegram accounts using Chinese names – “渗透数据中心” (Penetration Data Center) and “万国数据阿力” (World Data Ali). While the security experts did not openly confirm the origin of the attackers, the use of Chinese versions of hacking tools and selling data to Chinese-speaking groups strongly suggests a connection to China.
This cybersecurity threat emphasises the persistent challenges faced by both individuals and organisations in securing sensitive information on the internet. It is imperative for businesses to prioritise the implementation of robust cybersecurity measures to defend against sophisticated threats, such as those posed by ResumeLooters.