"Payroll Pirates" are actively targeting employees in US institutions of higher education to plunder staff wages without touching the employer's systems directly.- reports Microsoft Threat Intelligence.

Threat actor Storm-2657 is using phishing emails designed to harvest multi-factor authentication (MFA) codes to gain unauthorized access to employee profiles and divert salary payments to attacker-controlled accounts. https://www.microsoft.com/en-us/security/blog/2025/10/09/investigating-targeted-payroll-pirate-attacks-affecting-us-universities/ #Hackers #CyberAttack #MFA #Phishing #CyberSecurity #Microsoft #Storm2657 #PayrollPirate #Security

#Microsoft warns of new “Payroll Pirate” #scam stealing employees’ direct deposits

Microsoft is warning of an active scam that diverts employees' #paycheck payments to attacker-controlled accounts after first taking over their profiles on #Workday or other cloud-based #HR services

#PayrollPirate , gains access to victims’ HR portals by sending them #phishing emails that trick the recipients into providing their #credentials for logging in to the cloud account
#security

https://arstechnica.com/security/2025/10/payroll-pirate-phishing-scam-that-takes-over-workday-accounts-steals-paychecks/

Universities are under attack! Cybercriminals are using ultra-realistic phishing to hijack HR emails and reroute payroll funds. Could your institution be next?

https://thedefendopsdiaries.com/universities-targeted-by-sophisticated-payroll-pirate-cyberattacks/

#payrollpirate
#phishingattacks
#universitycybersecurity
#mfaexploits
#businessemailcompromise