Microsoft Warns of Payroll Pirate Scheme Targeting Canadians

MICROSOFT'S DART researchers unveiled Storm-2755, a financially motivated threat actor conducting payroll pirate attacks targeting Canadian employees. The campaign involved compromising user accounts to divert salary payments to fraudulently controlled accounts. Unlike past campaigns focused on specific industries, Storm-2755 exploited geographic vulnerabilities and utilized malvertising for initial access.

Key techniques included adversary-in-the-middle (AiTM) methods to hijack authenticated sessions, enabling attackers to circumvent multi-factor authentication (MFA). The campaign's impacts led to financial losses, prompting Microsoft to offer mitigation strategies such as phishing-resistant MFA and continuous access evaluation to defend against such threats.