Published on February 18, 2024, 11:32 pm

Group-IB recently uncovered a significant malicious group named ResumeLooters that has been targeting job search and retail websites across the Asia-Pacific region, focusing primarily on countries such as India, Taiwan, Thailand, Vietnam, China, and Australia.

These cybercriminals successfully infiltrated at least 65 websites between November and December 2023 using SQL injection and Cross-Site Scripting (XSS) attacks. Through these breaches, they were able to pilfer databases containing over 2 million unique emails and other details of job seekers. The stolen data was later peddled in Telegram channels. Group-IB took swift action by informing the affected parties to prevent further harm.

Nikita Rostovcev, a senior analyst at Group-IB’s Advanced Persistent Threat Research Team, highlighted the alarming persistence of SQL attacks in the region. He noted that ResumeLooters demonstrated adaptability by employing various methods to exploit vulnerabilities, including XSS attacks.

ResumeLooters injected malicious SQL queries into several websites, resulting in the exfiltration of a significant amount of sensitive information. Specifically, they retrieved over 2 million rows of data, with more than half a million records originating from employment platforms.

To combat such injection attacks effectively, Group-IB suggests employing parameterized or prepared statements instead of directly incorporating user input into SQL queries. Additionally, implementing stringent input validation and data sanitization measures on both client and server ends can bolster defenses against such vulnerabilities. Regular security assessments and thorough code reviews are also recommended to enhance overall protection against malicious exploits.
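The difference between concatenating input into a query and binding it as a parameter, shown as an added example (not code from Group-IB or from any affected site). The `candidates` table, the function names and the sample rows are hypothetical and constructed for illustration.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data standing in for a job-board candidate table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE candidates "
                 "(id INTEGER PRIMARY KEY, name TEXT, email TEXT, skill TEXT)")
    conn.executemany(
        "INSERT INTO candidates (name, email, skill) VALUES (?, ?, ?)",
        [("A. Tan", "a.tan@example.com", "python"),
         ("B. Singh", "b.singh@example.com", "java"),
         ("C. Nguyen", "c.nguyen@example.com", "sql")])
    return conn

def search_unsafe(conn, skill):
    # Weak form: user input is concatenated into the statement text,
    # so quote characters in it change the structure of the query.
    query = "SELECT email FROM candidates WHERE skill = '" + skill + "'"
    return [row[0] for row in conn.execute(query)]

def search_safe(conn, skill):
    # Hardened form: the statement text is fixed and the driver binds the
    # value as data, so it is never parsed as SQL.
    rows = conn.execute("SELECT email FROM candidates WHERE skill = ?", (skill,))
    return [row[0] for row in rows]

# Allow-list for the (hypothetical) skill filter: letters, digits, a few symbols.
SKILL_RE = re.compile(r"[A-Za-z0-9+#. -]{1,40}")

def validate_skill(skill):
    # Server-side validation as a second layer; it does not replace binding.
    if not SKILL_RE.fullmatch(skill):
        raise ValueError("invalid skill filter")
    return skill

if __name__ == "__main__":
    conn = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing SQL metacharacters
    print("concatenated:", search_unsafe(conn, crafted))  # every row comes back
    print("bound:       ", search_safe(conn, crafted))    # no row matches
    print("normal use:  ", search_safe(conn, validate_skill("python")))
```

A code review for this class of bug can start by searching for query strings built with `+`, `%` or f-strings around request parameters.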

In light of the escalating threat landscape in the Asia-Pacific region, it is crucial for organizations to stay vigilant and proactive in safeguarding their digital assets from malevolent actors seeking to exploit security weaknesses for personal gain.

