ResumeLooters Rampage: Job Hunters’ Data Plundered Across Asia by Cyber Syndicate

In a digital heist saga, "ResumeLooters" have been pilfering Asia's job boards and retailers, amassing a treasure trove of personal data. Group-IB's cyber sleuths reveal the plot thickens with SQL skullduggery and XSS shenanigans.

Move over, Ocean’s Eleven; the “ResumeLooters” are the new heist hotshots, swiping more than just your job prospects! These cyber bandits have been picking the digital pockets of Asia’s job boards and retailers, amassing a treasure trove of data that makes your LinkedIn profile look like a Post-it note. SQL injections and XSS attacks aren’t just for the IT crowd anymore – they’re the weapons of choice for these modern-day digital pirates. And just like that mismatched sock you can’t find, these guys are proving to be quite elusive!

Key Points:

  • Group-IB has unmasked the “ResumeLooters,” a cyber gang adept at SQL injections and XSS attacks, snatching data like kids at a candy store.
  • These digital pickpockets amassed over two million email addresses, along with full resumes – so much for keeping your job search on the down-low.
  • While the gang’s go-to tool was SQL injection, they weren’t afraid to get creative with XSS scripts on job search sites. Talk about a dynamic duo of dastardliness!
  • Their digital footprint was all over the APAC region, with India serving as their favorite cyber playground.
  • Despite being cyber ninjas, the ResumeLooters left a trail of digital breadcrumbs leading back to their secret lair – thanks to an open directory listing. Oops!

Mastermind Missteps

Group-IB's senior analyst, Nikita Rostovcev, might not spill the beans on the retailers hit, but he confirms that e-commerce companies of all sizes got an unwanted visit from our cyber burglars. The ResumeLooters' modus operandi included setting up shop on job sites and lacing their fake profiles with XSS scripts, like a cybernetic Trojan horse ready to unleash chaos on unsuspecting job seekers.

The APAC Attraction

The ResumeLooters didn't get around much outside of the APAC region, where 70% of their digital heists took place. With the biggest hauls from India, Taiwan, Thailand, and Vietnam, it seems these cyber crooks found their comfort zone and stuck to it. It's like a cybercrime staycation with all the comforts of home!

A Digital Paper Trail

Our cybercriminal friends favored open-source tools for their nefarious needs, but they weren't exactly the stealthiest operators. They left behind a server packed with logs and notes like a diary of delinquency, and they failed to cover their tracks, leaving the directory listing wide open. That's like leaving your secret hideout's door unlocked with a "Burglars Welcome" sign.

Lost in Translation?

With a server that's a veritable Rosetta Stone of cybercrime, the ResumeLooters' penchant for Chinese-language Telegram accounts and code comments suggests they might be dialing in from the land of the Great Wall. Whether they're selling their stolen data or just adding to their collection, they're proving that the cyber world's lingua franca is less about language and more about larceny.

The Accidental Outing

In a plot twist worthy of a heist movie, the ResumeLooters' Achilles' heel was their own oversight. Leaving their directory listing out in the open was the cyber equivalent of dropping your business card at the crime scene. Thanks to this blunder, the cyber sleuths at Group-IB could trace the breadcrumbs back to the ResumeLooters' digital den of iniquity, shining a spotlight on the shadowy world of cybercrime.

Tags: Asia-Pacific Cybersecurity, Chinese hackers, data breach, malicious scripts, personal data theft, SQL Injection, XSS attacks