News Heading - 1

Hackers Exploit Job Sites to Steal Millions of User Data

  • Written by Shipra Sanganeria Cybersecurity & Tech Writer
  • Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor

A previously unknown threat actor was found to be targeting recruitment and retail companies in the APAC region, with a motive to harvest emails and other sensitive user information.

First detected in November 2023, the unknown hackers dubbed ‘’ResumeLooters’’ by the Singapore-based Group-IB, harvested data from 65 websites between November-December 2023.

By using SQL injection technique (SQLi) and cross-site scripting (XSS) infections into a few websites, the gang was discovered selling the extracted data on “Chinese-speaking, hacking-themed Telegram groups.”

‘’ResumeLooters tried inserting XSS scripts into all possible web forms of the targeted websites, hoping they would display phishing forms to obtain admin credentials,’’ Group-IB disclosed .

The stolen data is said to contain 2,188,444 user records, of which 510,259 data is from job search websites. These records consist of names, phone numbers, date of birth, employment history, email address, and other sensitive data. Moreover, it is believed that the campaign enabled hackers to successfully harvest more than two million unique email addresses.

Focussing on the APAC region, the campaign mainly targeted companies in India (12), Taiwan (10), Thailand (9), Vietnam (7), and China (3). Furthermore, Group-IB revealed that companies in Brazil, the USA, Turkey, Russia, Mexico, Italy, and some other non-APAC countries were also on the list of victims.

The identified companies were notified in order to contain the incident and prevent further damages.

Mainly relying on SQL injection via sqlmap as an initial vector, the gang also relied on other penetration testing tools. Applications like sqlmap, Acunetix, Beef Framework, X-Ray, Metasploit, ARL (Asset Reconnaissance Lighthouse), and Dirsearch were found on its servers.

According to the threat intelligence company, this is the second group in less than two months that was found ‘’conducting SQL injection attacks against companies in the Asia-Pacific region.’’ In December 2023, the firm discovered GambleForce , an SQL injection gang that attacked 20 websites in the region.

News Heading - 2

Clorox and Johnson Controls Reveal Cyberattack-Related Financial Losses

  • Written by Shipra Sanganeria Cybersecurity & Tech Writer
  • Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor

Two new earnings reports filed last week with the Securities & Exchange Commission disclosed the financial impact of cyber security-related incidents on an organizations’ profit.

American Cleanings product manufacturer, Clorox, in its regulatory filing revealed that the August 2023 attack had resulted in wide-scale operational disruptions, including delays in order processing and goods production. In addition to affecting sales and earnings, the incident forced the company to temporarily take down certain systems to contain the incident.

In its regulatory filing, Clorox reported incurring $49 million in expenses (six months ending December 2023) related to the incident.

“The costs incurred relate primarily to third-party consulting services, including IT recovery and forensic experts and other professional services incurred to investigate and remediate the attack, as well as incremental operating costs incurred from the resulting disruption to the Company’s business operations,” disclosed Clorox.

The company further went on to say in the coming period, it hopes to lessen cyberattack-related expenses, by improving and streamlining its business operations.

In a separate incident, multinational conglomerate, Johnson Controls, revealed that September 2023 ransomware attack had resulted in data theft and incident-related expenses of $27 million.

‘’These impacts were primarily attributable to expenses associated with the response to, and remediation of, the incident, and are net of insurance recoveries,’’ the filing revealed .

“The company expects to incur additional expenses associated with the response to, and remediation of, the incident throughout fiscal 2024, most of which the company expects to incur in the first half of the year”.

“These expenses include third-party expenditures, including IT recovery and forensic experts and others performing professional services to investigate and remediate the incident, as well as incremental operating expenses incurred from the resulting disruption to the company’s business operations.”

The cybersecurity incident which was discovered on September 23, 2023, impacted Johnson’ s internal IT infrastructure and applications, including specific billing systems.