From d3f5a26ec069621f57655a77ee5e8bef967b21d6 Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Tue, 20 Feb 2024 05:22:25 -0800
Subject: [PATCH] [threat-actors] Add ResumeLooters

---
 clusters/threat-actor.json | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 27d998a..dc29ff4 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -15208,6 +15208,16 @@
       },
       "uuid": "c74f78d1-3728-4bb9-b84f-0e46d2e870b2",
       "value": "ProCC"
+    },
+    {
+      "description": "Since the beginning of 2023, ResumeLooters have been able to compromise at least 65 websites. The group employs a variety of simple techniques, including SQL injection and XSS. The threat actor attempted to insert XSS scripts into all available forms, aiming to execute it on the administrators’ device to obtain admin credentials. While the group was able to execute the XSS script on some visitors’ devices with administrative access, allowing ResumeLooters to steal the HTML code of the pages the victims were visiting, Group-IB did not find any confirmation of admin credential thefts.",
+      "meta": {
+        "refs": [
+          "https://www.group-ib.com/blog/resumelooters/"
+        ]
+      },
+      "uuid": "76dbe26b-8b39-40f5-bc2b-9620004f388e",
+      "value": "ResumeLooters"
     }
   ],
   "version": 301