SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
'ResumeLooters' cyber-attack disrupts 65 companies across Asia-Pacific
Thu, 8th Feb 2024

A cyber-attack campaign operating under the name 'ResumeLooters' has reportedly compromised at least 65 company websites, predominantly in the Asia-Pacific region, through a series of SQL injection and Cross-Site Scripting (XSS) attacks. Group-IB, a Singapore-based cybersecurity firm, has identified numerous victims located in India, Taiwan, Thailand, Vietnam, China, and Australia. The attack reveals a marked ability to exploit weak spots in job search and retail websites through the use of penetration testing frameworks and open-source tools.

The campaign by ResumeLooters sheds light on a carefully engineered attack that involved the skilful execution of SQL injection and XSS operative tactics. The damage inflicted by these activities stands significantly high, with personal data theft involving more than two million individuals, as the attackers pilfered and then sold on the compromised information.

In light of the growing peril posed by such operations, Group-IB has advised companies to employ robust security measures to safeguard against such intricate injection attacks. The cybersecurity firm suggests, "Companies are recommended to use parameterised or prepared statements instead of directly concatenating user input into SQL queries. It is essential to implement comprehensive input validation and sanitisation on both the client and server sides."

The notable prominence of Chinese-speaking channels on Telegram for the sale of stolen data reflects the wider issue of effectively monitoring and countering cybercrime within the sphere of encrypted messaging platforms.

Nikita Rostovcev, a Senior Analyst at Group-IB, expressed concern over the increasing threat posed by SQL injection attacks in the Asia-Pacific region. Despite their age, these attacks persist and continue to target companies effectively. Rostovcev remarked, "In less than two months, we have identified yet another threat actor conducting SQL injection attacks against companies in the Asia-Pacific region. It is striking to see how some of the oldest yet remarkably effective SQL attacks remain prevalent in the region."

"However, the tenacity of the ResumeLooters group stands out as they experiment with diverse methods of exploiting vulnerabilities, including XSS attacks. Additionally, the gang's attacks cover a vast geographical area."

The dedication of the ResumeLooters group has struck a chord as they sample various methods of capitalising on vulnerabilities, including XSS attacks. The groups' activities spread across a considerable geographical expanse, setting it apart from other threat actors. In comparison with Gambleforce, a group involved in SQL injection attacks reported in December 2023, ResumeLooters displays a considerably diverse modus operandi.

As more information comes to the fore about these sophisticated cyber threats, it is becoming increasingly crucial for organisations to establish stringent security measures and counterintelligence to trace and inhibit these perilous campaigns.

Identifier of the victims, Group-IB, is a cybersecurity company headquartered in Singapore with a global presence. They specialise in providing a range of cybersecurity services, including threat intelligence, incident response, digital forensics, and fraud prevention. The company's expertise lies in detecting, investigating, and mitigating various cyber threats, such as hacking, malware, phishing, and financial fraud.