Microsoft Warns of Account Hijacking Targeting Canadian Workers

A financially motivated threat actor tracked as Storm-2755 is stealing Canadian employees' salary payments after hijacking their accounts in payroll pirate atta


Microsoft has identified a sophisticated cybercriminal group, tracked as Storm-2755, that is systematically compromising employee accounts to intercept salary payments across Canada. The financially driven threat actors are exploiting account takeovers to redirect payroll funds, representing a significant threat to Canadian workers and their employers.

The attack campaign focuses on gaining unauthorized access to employee credentials, allowing the threat actors to manipulate payroll systems and divert compensation before it reaches legitimate recipients. This type of credential-based attack has become increasingly prevalent among financially motivated cybercriminals seeking quick access to substantial sums of money.

Storm-2755 operates by first penetrating employee accounts through various means, then leveraging that access to modify payroll instructions and redirect funds to accounts controlled by the threat actors. The group's focus on Canadian targets suggests a deliberate geographic strategy to exploit specific vulnerabilities or organizational weaknesses within that region.

Organizations are being advised to implement enhanced security measures to protect employee accounts from unauthorized access. Multi-factor authentication, regular account monitoring, and robust payroll system controls are among the recommended defenses against this emerging threat.
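As an added illustration of the account monitoring recommended above (not code from Microsoft or from this article), the following Python example correlates the two steps of the attack: a sign-in from an address not previously seen for a user, followed shortly by a change to that user's payroll deposit details. The event fields, the sample data and the 24-hour window are assumptions made for the example.

```python
from datetime import datetime, timedelta

# Constructed sample audit events; field names are assumptions, not a product schema.
EVENTS = [
    {"ts": "2025-03-01T08:00:00", "user": "carol", "type": "signin", "ip": "198.51.100.20"},
    {"ts": "2025-03-02T10:00:00", "user": "carol", "type": "signin", "ip": "192.0.2.99"},
    {"ts": "2025-03-03T08:55:00", "user": "alice", "type": "signin", "ip": "203.0.113.10"},
    {"ts": "2025-03-03T09:10:00", "user": "bob", "type": "signin", "ip": "198.51.100.7"},
    {"ts": "2025-03-05T12:00:00", "user": "bob", "type": "deposit_change", "new_account": "ACCT-B"},
    {"ts": "2025-03-08T10:00:00", "user": "carol", "type": "deposit_change", "new_account": "ACCT-C"},
    {"ts": "2025-03-10T02:14:00", "user": "alice", "type": "signin", "ip": "192.0.2.44"},
    {"ts": "2025-03-10T02:31:00", "user": "alice", "type": "deposit_change", "new_account": "ACCT-X"},
]

def flag_payroll_changes(events, window=timedelta(hours=24)):
    """Return deposit changes made within `window` of a sign-in from an
    IP address not previously seen for that user."""
    seen_ips = {}      # user -> set of IPs already observed
    risky_signin = {}  # user -> time of the latest sign-in from a new IP
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        user = ev["user"]
        if ev["type"] == "signin":
            known = seen_ips.setdefault(user, set())
            # The first sign-in only sets the baseline; later unseen IPs are risky.
            if known and ev["ip"] not in known:
                risky_signin[user] = ts
            known.add(ev["ip"])
        elif ev["type"] == "deposit_change":
            risky = risky_signin.get(user)
            if risky is not None and ts - risky <= window:
                alerts.append((user, ev["ts"], ev["new_account"]))
    return alerts

if __name__ == "__main__":
    for user, when, account in flag_payroll_changes(EVENTS):
        print(f"HOLD payroll change for {user} at {when} -> {account}")
```

A flagged change is a candidate for a hold and out-of-band confirmation with the employee before the next pay run, rather than proof of compromise.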

The discovery of this campaign underscores the ongoing risks posed by financially motivated threat actors who target critical business processes like payroll management. Companies operating in Canada should review their account security protocols and employee notification procedures to mitigate potential damage from similar attacks targeting their workforce.

Editorial note: This article represents original analysis and commentary by the TechDailyPulse editorial team.