Microsoft Threat Intelligence reports a series of financial cyberattacks targeting U.S. universities by the threat actor Storm-2657, which exploits weak authentication to hijack payroll systems via phishing and social engineering. The attacks focused on changing payroll details in cloud HR platforms like Workday, which underscores the need for stronger MFA measures to prevent credential theft and account compromise. #Storm-2657 #Workday #BusinessEmailCompromise
Key points
- Storm-2657 used convincing phishing campaigns to access university accounts and steal credentials.
- Attackers altered payroll settings in Workday to redirect salaries to fraudulent bank accounts.
- Hijacking MFA devices and creating inbox rules helped hide malicious activities from victims.
- Phishing emails mimicked official university communications, increasing the success rate of social engineering.
- Microsoft recommends adopting passwordless MFA solutions and monitoring for suspicious account changes.
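As an added illustration of the monitoring recommendation (not code from Microsoft or the linked article), the sketch below flags a payroll bank-detail change that follows a new inbox rule or a new MFA device on the same account within a time window. The event type names, the 24-hour window and the sample events are assumptions constructed for this example, not real Workday or Exchange log fields.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical normalized event types (not real Workday or Exchange field names).
PRECURSORS = {"inbox_rule_created", "mfa_device_added"}
TARGET = "payroll_bank_changed"

# Constructed sample events: (ISO timestamp, user, event type).
SAMPLE_EVENTS = [
    ("2025-01-06T09:02:00", "alice", "inbox_rule_created"),
    ("2025-01-06T09:05:00", "alice", "mfa_device_added"),
    ("2025-01-06T09:20:00", "alice", "payroll_bank_changed"),
    ("2025-01-07T14:00:00", "bob", "payroll_bank_changed"),    # no precursor
    ("2025-01-01T08:00:00", "carol", "mfa_device_added"),
    ("2025-01-09T08:00:00", "carol", "payroll_bank_changed"),  # precursor too old
]


def find_suspicious_payroll_changes(events, window=timedelta(hours=24)):
    """Return payroll changes preceded, for the same user and within
    `window`, by an inbox-rule creation or an MFA device enrollment."""
    recent = defaultdict(list)  # user -> [(time, precursor type)]
    findings = []
    # ISO timestamps sort chronologically as strings.
    for ts, user, kind in sorted(events):
        when = datetime.fromisoformat(ts)
        if kind in PRECURSORS:
            recent[user].append((when, kind))
        elif kind == TARGET:
            hits = sorted({k for t, k in recent[user] if when - t <= window})
            if hits:
                findings.append({"user": user, "time": ts, "precursors": hits})
    return findings


if __name__ == "__main__":
    for finding in find_suspicious_payroll_changes(SAMPLE_EVENTS):
        print(finding)
```
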
Read More: https://thecyberexpress.com/payroll-pirate-attacks-target-u-s-universities/