Incident Response | Apr 15, 2026

Incident response for AI: Same fire, different fuel

Microsoft DART identifies Storm-2755 threat actor targeting Canadian employees for payroll theft.

Summary

Microsoft Incident Response's Detection and Response Team (DART) discovered Storm-2755, a financially motivated threat actor that compromises Canadian employee accounts to steal salary payments. The group gains access to employee profiles and redirects payroll to attacker-controlled accounts. This incident highlights the evolving IR practices needed to detect and respond to AI-era threats with new telemetry and skills.

Full text

April 9

Investigating Storm-2755: “Payroll pirate” attacks targeting Canadian employees

Microsoft Incident Response – Detection and Response Team (DART) researchers observed an emerging, financially motivated threat actor, tracked as Storm-2755, compromising Canadian employee accounts to gain unauthorized access to employee profiles and divert salary payments to attacker-controlled accounts.

Indicators of Compromise

  • malware — Storm-2755

Entities

  • Storm-2755 (threat_actor)
  • Microsoft (vendor)
  • Incident Response and Detection and Response Team (DART) (technology)