A cybercrime group known as Storm-2657 has been targeting university staff in the US through sophisticated phishing and payroll hijacking attacks since March 2025. The attackers exploit weaknesses like the lack of MFA and use social engineering to compromise accounts and redirect salary payments. #Storm-2657 #Workday #BEC
Keypoints
- Storm-2657 manipulates university payroll systems through targeted phishing campaigns.
- They exploit weaknesses like absence of multifactor authentication to gain access.
- The attackers impersonate university officials and staff for convincing phishing emails.
- Once inside, they alter account settings and redirect salary payments to their accounts.
- Microsoft recommends implementing phishing-resistant MFA and investigation procedures to mitigate these attacks.