Cybersecurity firm Group-IB has just announced that a hacker group called ResumeLooters has stolen personal data of more than 2 million job seekers by infiltrating 65 commercial and employment websites through SQL and XSS attacks.

The attacks focused on the APAC region, targeting websites in Australia, China, Thailand, India, Vietnam, etc. ResumeLooters collected names, email addresses, phone numbers, employment histories, education levels, and other relevant information of job seekers. According to Group-IB, the criminal group was founded in November 2023 and sold the stolen data through Telegram channels.

ResumeLooters mainly uses open source tools such as SQLmap, Acunetix, Metasploit... to attack through SQL and XSS to penetrate retail and job search websites. Once identifying and exploiting security weaknesses on the websites, the group will inject malicious commands into multiple locations in the HTML.

When properly injected, a set of malicious scripts are executed to display phishing forms to steal visitors' information. Group-IB said it has seen cases where hackers used custom techniques such as creating fake employer profiles and posting fake CVs to contain XSS scripts.

Group-IB was able to gain access to the stolen database through a misconfiguration, and said the attackers attempted to gain administrator access to some of the compromised websites. While the origin of the attackers has not been confirmed, ResumeLooters reportedly sold the data to Chinese-speaking groups, as well as using Chinese versions of open-source tools.