Read at BleepingComputer
A threat group known as 'ResumeLooters' has stolen personal data from over two million job seekers by exploiting security weaknesses in 65 legitimate job listing and retail sites. The group mainly targeted sites in the APAC region, focusing on Australia, Taiwan, China, Thailand, India, and Vietnam. The stolen data includes names, email addresses, phone numbers, employment history, education, and other relevant information. The attackers attempted to sell the stolen data through Telegram channels. ResumeLooters used SQL injection and XSS attacks to breach the targeted sites, injecting malicious scripts into various locations on the websites.
A threat group named 'ResumeLooters' has stolen the personal data of over two million job seekers after compromising 65 legitimate job listing and retail sites using SQL injection and cross-site scripting (XSS) attacks.
ResumeLooters employed various open-source tools during their pen-testing phase, including SQLmap, Acunetix, Beef Framework, X-Ray, Metasploit, ARL, and Dirsearch. These tools helped them identify and exploit security weaknesses on the target sites. The attackers injected malicious scripts into multiple locations in the website's HTML, which could be triggered by some injections or simply displayed in form elements or anchor tags. The stolen data was later attempted to be sold through Telegram channels.
ResumeLooters primarily employs SQL injection and XSS to breach targeted sites, mainly job-seeking and retail shops.