{
	"id": "0bda5efe-80bf-4c65-b9af-a06947c55849",
	"created_at": "2026-04-06T00:09:12.304048Z",
	"updated_at": "2026-04-10T03:27:07.66235Z",
	"deleted_at": null,
	"sha1_hash": "1327542e2ca4be46b691d4964361a413407137e4",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 45077,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-02 12:30:56 UTC\nHome \u003e List all groups \u003e ResumeLooters\n Other threat group: ResumeLooters\nNames ResumeLooters (Group-IB)\nCountry [Unknown]\nMotivation Financial gain\nFirst seen 2023\nDescription\n(Group-IB) In November 2023, Group-IB’s Threat Intelligence unit detected a massive\nmalicious campaign targeting employment agencies and retail companies primarily located in\nthe APAC region, to steal and sell sensitive user data.\nThe campaign was attributed to a previously unknown group. Due to the threat actor’s focus\non job search platforms and the theft of resumes, Group-IB dubbed it ResumeLooters. Overall,\nthe researchers identified 65 websites compromised by ResumeLooters between November\n2023 and December 2023. By using SQL injection attacks against websites, the threat actor\nattempts to steal user databases that may include names, phone numbers, emails, and DOBs, as\nwell as information about job seekers’ experience, employment history, and other sensitive\npersonal data. The stolen data is then put up for sale by the threat actor in Telegram channels,\nidentified by Group-IB’s Threat intelligence platform.\nObserved\nSectors: Financial, Retail and Delivery, Job seeking, Professional services and Real estate..\nCountries: Australia, Brazil, China, India, Taiwan, Thailand, Turkey, Vietnam.\nTools used\nInformation Last change to this card: 06 March 2024\nDownload this actor card in PDF or JSON format\nSource: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=316700c9-382f-4846-a537-02b2749a397c\nhttps://apt.etda.or.th/cgi-bin/showcard.cgi?u=316700c9-382f-4846-a537-02b2749a397c\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/showcard.cgi?u=316700c9-382f-4846-a537-02b2749a397c"
	],
	"report_names": [
		"showcard.cgi?u=316700c9-382f-4846-a537-02b2749a397c"
	],
	"threat_actors": [
		{
			"id": "21a155e6-8952-49d3-b7bb-77f0e7541347",
			"created_at": "2024-03-08T02:02:15.765879Z",
			"updated_at": "2026-04-10T02:00:05.02743Z",
			"deleted_at": null,
			"main_name": "ResumeLooters",
			"aliases": [],
			"source_name": "ETDA:ResumeLooters",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "3c7567d8-0cac-4226-a6f7-d049b9abcb46",
			"created_at": "2024-02-22T02:00:03.770807Z",
			"updated_at": "2026-04-10T02:00:03.591198Z",
			"deleted_at": null,
			"main_name": "ResumeLooters",
			"aliases": [],
			"source_name": "MISPGALAXY:ResumeLooters",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434152,
	"ts_updated_at": 1775791627,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/1327542e2ca4be46b691d4964361a413407137e4.pdf",
		"text": "https://archive.orkl.eu/1327542e2ca4be46b691d4964361a413407137e4.txt",
		"img": "https://archive.orkl.eu/1327542e2ca4be46b691d4964361a413407137e4.jpg"
	}
}