ResumeLooters

Description

(Group-IB) In November 2023, Group-IB’s Threat Intelligence unit detected a massive malicious campaign targeting employment agencies and retail companies primarily located in the APAC region, to steal and sell sensitive user data.

The campaign was attributed to a previously unknown group. Due to the threat actor’s focus on job search platforms and the theft of resumes, Group-IB dubbed it ResumeLooters. Overall, the researchers identified 65 websites compromised by ResumeLooters between November 2023 and December 2023. By using SQL injection attacks against websites, the threat actor attempts to steal user databases that may include names, phone numbers, emails, and DOBs, as well as information about job seekers’ experience, employment history, and other sensitive personal data. The stolen data is then put up for sale by the threat actor in Telegram channels, identified by Group-IB’s Threat intelligence platform.

Names

Name	Name-Giver
ResumeLooters	Group-IB

Country

Unknown

Motivation

Financial gain

First Seen

2023

Observed Sectors

Observed Countries

Information

https://www.group-ib.com/blog/resumelooters/

Other Information

Uuid

316700c9-382f-4846-a537-02b2749a397c

Last Card Change

2024-03-06

Threat Intelligence Garden

Explorer

ResumeLooters

ResumeLooters

Description

Names

Country

Motivation

First Seen

Observed Sectors

Observed Countries

Information

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks