Storm-2755: Payroll Pirates Hijack Canadian Salaries

Microsoft’s Incident Response team has identified a new threat actor, dubbed Storm-2755, specifically targeting Canadian employees. This financially motivated group is compromising employee accounts to gain access to payroll systems. Their endgame? Diverting salary payments directly into accounts controlled by the attackers. This isn’t just about stealing data; it’s about directly siphoning funds that should be going to legitimate employees.

The modus operandi involves compromising individual employee accounts, likely through phishing or credential stuffing, and then pivoting into the company’s payroll infrastructure. Once inside, the attackers manipulate payment details, rerouting paychecks before they reach the intended recipients. Cyber Threat Intelligence highlighted these findings, emphasizing the direct financial impact on both employees and organizations. This sophisticated approach to payroll fraud poses a significant risk and requires robust security measures beyond standard endpoint protection.

What This Means For You

  • Implement multi-factor authentication (MFA) on all employee accounts, especially those with access to financial or HR systems, and conduct regular, targeted phishing simulations to test employee awareness of credential compromise tactics.
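
One way to look for the pattern described above: a payroll bank-detail change made shortly after a sign-in from an address the account has not used before, or from a session without MFA. This is an added example, not Microsoft's detection logic or code from the original article; the event fields, the 24-hour window and the sample records are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events; field names are assumptions, not a real log schema.
EVENTS = [
    {"ts": "2025-03-01T08:00:00", "user": "alice", "type": "signin", "ip": "203.0.113.5", "mfa": True},
    {"ts": "2025-03-02T09:00:00", "user": "bob", "type": "signin", "ip": "203.0.113.9", "mfa": True},
    {"ts": "2025-03-10T08:05:00", "user": "alice", "type": "signin", "ip": "203.0.113.5", "mfa": True},
    {"ts": "2025-03-10T08:20:00", "user": "alice", "type": "bank_change", "ip": "203.0.113.5"},
    {"ts": "2025-03-11T02:10:00", "user": "bob", "type": "signin", "ip": "198.51.100.77", "mfa": False},
    {"ts": "2025-03-11T02:25:00", "user": "bob", "type": "bank_change", "ip": "198.51.100.77"},
]

WINDOW = timedelta(hours=24)  # assumed threshold for "recently first seen"


def flag_payroll_changes(events, window=WINDOW):
    """Return (user, timestamp, reasons) for suspicious bank-detail changes.

    A change is flagged when its source IP was first seen for that user
    within `window`, was never seen in a sign-in, or signed in without MFA.
    """
    first_seen = {}   # (user, ip) -> time of first sign-in from that IP
    last_signin = {}  # (user, ip) -> most recent sign-in event
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        key = (ev["user"], ev["ip"])
        if ev["type"] == "signin":
            first_seen.setdefault(key, ts)
            last_signin[key] = ev
        elif ev["type"] == "bank_change":
            reasons = []
            seen = first_seen.get(key)
            if seen is None:
                reasons.append("no_signin_from_ip")
            elif ts - seen <= window:
                reasons.append("new_ip")
            if seen is not None and not last_signin[key]["mfa"]:
                reasons.append("no_mfa")
            if reasons:
                alerts.append((ev["user"], ev["ts"], reasons))
    return alerts


if __name__ == "__main__":
    for alert in flag_payroll_changes(EVENTS):
        print(alert)
```

Flagged changes are candidates for out-of-band confirmation with the employee before the next pay run; an account with no sign-in history in the data set will flag on its first change.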