adversary • high • Account Hijacking • Financial Theft • Payroll Fraud • Storm-2755

Apr 10, 2026 • Sergiu Gatlan

Microsoft: Canadian employees targeted in payroll pirate attacks

Microsoft has identified a financially motivated threat actor, Storm-2755, conducting payroll pirate attacks targeting Canadian employees. The threat actor...

Source: Bleeping Computer
Category: adversary
Severity: high

Executive Summary

Microsoft has identified a financially motivated threat actor, Storm-2755, conducting payroll pirate attacks targeting Canadian employees. The threat actor hijacks employee accounts to redirect salary payments, enabling direct financial theft. Organizations should immediately review payroll systems, implement multi-factor authentication on all payroll-related accounts, and monitor for unauthorized changes to direct deposit information. Employee awareness training should emphasize the risks of credential compromise through phishing. Security teams should audit recent payroll modifications and establish verification procedures for salary payment changes. Microsoft is actively tracking this group and providing threat intelligence to affected organizations. The attacks demonstrate the critical importance of securing employee credentials and implementing robust controls around financial transaction systems.

Summary

A financially motivated threat actor tracked as Storm-2755 is stealing Canadian employees' salary payments after hijacking their accounts in payroll pirate attacks. [...]

Linked Entities

  • Storm-2755