security: Investigating targeted “payroll pirate” attacks affecting US universities
Microsoft Security Blog
2025-10-09
Microsoft Threat Intelligence has uncovered a financially motivated threat actor, tracked as Storm-2657, conducting "payroll pirate" attacks against US universities by compromising employee accounts to access profiles and redirect salary payments to attacker-controlled accounts.