Threat Intelligence
Apr 30, 2026

Email threat landscape: Q1 2026 trends and insights

Microsoft disrupts Tycoon2FA phishing platform; Storm-2755 targets Canadian payroll in Q1 2026.

Summary

Q1 2026 saw increased email threats including credential phishing, QR code phishing, and CAPTCHA-gated campaigns. Microsoft disrupted the Tycoon2FA phishing platform, resulting in a 15% volume decrease and forcing threat actors to shift tactics. Separately, Microsoft DART identified Storm-2755, a financially motivated threat actor compromising Canadian employee accounts to divert salary payments to attacker-controlled accounts.

Full text

April 9

Investigating Storm-2755: “Payroll pirate” attacks targeting Canadian employees

Microsoft Incident Response – Detection and Response Team (DART) researchers observed an emerging, financially motivated threat actor, tracked as Storm-2755, compromising Canadian employee accounts to gain unauthorized access to employee profiles and divert salary payments to attacker-controlled accounts.

Indicators of Compromise

  • malware — Tycoon2FA

Entities

  • Storm-2755 (threat_actor)
  • Microsoft (vendor)
  • QR code phishing (technology)