The agentic SOC—Rethinking SecOps for the next decade
Microsoft DART tracks Storm-2755 threat actor targeting Canadian employees for payroll diversion attacks.
Summary
Microsoft's Incident Response team identified Storm-2755, a financially motivated threat actor conducting targeted attacks against Canadian employee accounts. The attackers compromise employee profiles to redirect salary payments to attacker-controlled accounts, representing a novel "payroll pirate" attack vector. The research highlights emerging threats in the identity and access management space with direct financial impact.
Full text
April 9 12 min read Investigating Storm-2755: “Payroll pirate” attacks targeting Canadian employees Microsoft Incident Response – Detection and Response Team (DART) researchers observed an emerging, financially motivated threat actor, tracked as Storm-2755, compromising Canadian employee accounts to gain unauthorized access to employee profiles and divert salary payments to attacker-controlled accounts.
Indicators of Compromise
- malware — Storm-2755