Microsoft Warns of ‘Payroll Pirates’ Hijacking HR SaaS Accounts to Steal Employee Salaries Storm-2657 exploits phishing and weak MFA to hijack HR SaaS accounts and redirect payroll funds.

Storm-2657 is stealing paychecks by hijacking HR accounts—another reason access controls and audit logs in platforms like Workday matter. #Cybersecurity #Storm2657 #HRSoftware #Workday #SaaSSecurity thehackernews.com/2025/10/micr...

Payroll Pirate Attacks Target US Universities

~Microsoft~
Threat actor Storm-2657 is using phishing to compromise university employee accounts and divert payroll via HR SaaS platforms like Workday.
-
IOCs: (None identified)
-
#BEC #Phishing #Storm2657 #ThreatIntel