Job Board Breach: Hackers Pilfer Millions of Resumes and Personal Data
Since early 2023, a clandestine threat group known as ResumeLooters has been systematically targeting employment agencies and retail companies, predominantly located within the Asia-Pacific (APAC) region. This group's nefarious activities, previously undocumented, have caught the attention of cybersecurity experts at Singapore-based Group-IB. Their analysis reveals a sophisticated operation aimed at stealing sensitive data for financial gain.
Between November and December 2023, ResumeLooters orchestrated attacks on approximately 65 websites, with a particular focus on job search platforms. Their modus operandi involves exploiting vulnerabilities such as SQL injection to breach databases, resulting in the theft of over 2 million user records. These records contain a treasure trove of personal information, including names, email addresses, phone numbers, and detailed employment histories.
Security researcher Nikita Rostovcev, in a report shared with The Hacker News, shed light on the group's techniques. He explained that ResumeLooters employ SQL injection attacks to infiltrate databases, often supplemented by cross-site scripting (XSS) scripts injected into legitimate job search websites. These tactics enable the attackers to not only pilfer vast amounts of data but also potentially harvest administrator credentials.
Furthermore, Group-IB's investigation uncovered evidence suggesting that ResumeLooters utilize a range of sophisticated tools to facilitate their operations. These tools include SQLmap for SQL injection, Metasploit for exploiting vulnerabilities, and BeEF (Browser Exploitation Framework), a browser-focused penetration testing tool. Rogue JavaScript code is deployed to gather sensitive data and redirect users to credential-harvesting pages, demonstrating the group's technical prowess.
The primary motivation behind ResumeLooters' activities appears to be financial gain. The stolen data is promptly advertised and auctioned off in Telegram channels dedicated to illicit activities. This underscores the need for robust cybersecurity measures to protect against such targeted attacks.
Source: https://thehackernews.com/2024/02/hackers-exploit-job-boards-in-apac.html