Read at Theregister
Singapore-based infosec firm Group-IB has detected a group that spent the last two months of 2023 stealing personal info from websites operated by jobs boards and retailers websites across Asia.
"The initial victims that we identified were mainly job search websites. Additionally, the group focuses on selling data stolen from recruiting agencies," Nikita Rostovcev, a senior analyst from the cyber security firm, told The Reg.
The actors, dubbed "ResumeLooters" by Group-IB, used SQL injection and Cross-Site Scripting (XSS) attacks to steal databases from the sites. That tactic produced over two million email addresses, plus names, phone numbers, dates of birth, and employment history.
"The presence of this code on these pages does not necessarily imply that it was executed on every device. However, it does indicate the persistence of the attackers and their attempts to inject their XSS scripts into all possible input fields on the targeted websites. Group-IB has also found evidence that the XSS script was executed on some of the visitors' devices," noted Group-IB's infosec analysts.