The Storm-2657 cybercrime gang has been actively targeting human resources employees at US universities since March 2025 to execute payroll hijacking schemes known as ‘pirate payroll’ attacks. By compromising HR systems or employee credentials, the attackers redirect salary payments to accounts under their control, resulting in financial losses for both institutions and employees.
Such targeted attacks exploit the trusted access HR staff have to sensitive payroll data, making universities a vulnerable sector given their decentralized and often under-protected administrative systems. The campaign highlights ongoing risks in university cybersecurity practices, especially regarding employee financial data. Institutions affected may face reputational damage and increased costs due to fraud remediation efforts.
Given the specificity and persistence of this threat, universities must strengthen access controls, implement multifactor authentication, and improve employee security awareness training to mitigate these risks. The attacks underscore broader implications for payroll security in the education sector as threat actors increasingly exploit insider access vectors.
👉 Pročitaj original: BleepingComputer
