ResumeLooters steals job seeker data in Vietnam

Cybersecurity firm Group-IB has just announced that a hacker group called ResumeLooters has stolen personal data of more than 2 million job seekers by infiltrating 65 commercial and employment websites through SQL and XSS attacks.

The attacks focused on the APAC region, targeting websites in Australia, China, Thailand, India, Vietnam, etc. ResumeLooters collected names, email addresses, phone numbers, employment histories, education levels, and other relevant information of job seekers. According to Group-IB, the criminal group was founded in November 2023 and sold the stolen data through Telegram channels.

ResumeLooters mainly uses open source tools such as SQLmap, Acunetix, Metasploit... to attack through SQL and XSS to penetrate retail and job search websites. Once the security weaknesses on the websites have been identified and exploited, the group will inject malicious commands into multiple locations in the HTML.

When properly injected, a set of malicious scripts is executed to display phishing forms to steal visitors' information. Group-IB said it has seen cases of hackers using custom techniques such as creating fake employer profiles and posting fake CVs to contain XSS scripts.

Group-IB was able to gain access to the stolen database through a misconfiguration, with the attackers reportedly attempting to gain administrator access to some of the compromised websites. While the origin of the attackers has not been confirmed, ResumeLooters reportedly sold the data to Chinese-speaking groups, as well as using Chinese versions of open-source tools.