ResumeLooters

Threat Actor Profile Updated 3 months ago
ResumeLooters, a threat actor group identified by cybersecurity firm Group-IB in November 2023, has been actively exploiting web vulnerabilities to steal personal data. The group mainly targets victims in India, Taiwan, Thailand, Vietnam, China, and Australia, using SQL injection and cross-site scripting (XSS) attacks to compromise websites.

In one instance, the threat actor created a fake employer profile on a legitimate recruitment website and injected a malicious XSS script into one of the fields in the profile. This allowed them to siphon off emails and other personal information from people's resumes, as revealed by researchers in a blog post published on February 6, 2024. The group's modus operandi involves inserting XSS scripts into all possible web forms on targeted websites, with the aim of displaying phishing forms to obtain admin credentials.

Group-IB discovered evidence of various penetration testing tools on ResumeLooters' malicious servers, including sqlmap, Acunetix, BeEF Framework, X-Ray, Metasploit, ARL (Asset Reconnaissance Lighthouse), and Dirsearch. These tools were used to target employment websites and retail companies, indicating a broad range of potential victims.

Despite their destructive capabilities, both ResumeLooters and another similar group called GambleForce employ straightforward attack methods that are easily avoidable. This highlights the importance for organizations of prioritizing cybersecurity measures and remaining vigilant against evolving threats. As Nikita Rostovcev, a senior threat analyst at Group-IB, noted, "ResumeLooters is yet another example of how much damage can be made with just a handful of publicly available tools." The discovery of this malicious campaign underscores the need for comprehensive security protocols, particularly in sectors handling sensitive personal data.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
XSS (Cross S...
Reconnaissance
SQL
APT
Phishing
Associated Malware
ID | Type | Votes | Profile Description
No associations to display
Associated Threat Actors
ID | Type | Votes | Profile Description
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the ResumeLooters threat actor was read from the documents listed below.
Source | Created At | Title
DARKReading | 6 months ago | 'ResumeLooters' Attackers Steal Millions of Career Records
InfoSecurity-magazine | 6 months ago | ResumeLooters Gang Steals User Info from Retail and Job Sites