Financially motivated hackers running payroll pirate attacks, specializing in AiTM session hijacks against Canadian Microsoft users.

How do Storm-2755 payroll pirate attacks work?

They poison searches, steal sessions via fake logins, bypass MFA, then tweak HR/payroll settings to redirect salaries.

How to protect against Storm-2755 attacks?

Switch to phishing-resistant MFA (FIDO2), monitor logs for Axios user-agents and 50199 errors, verify all login URLs.

🎯 Threat Intelligence

Storm-2755's Payroll Pirates: Hijacking Canadian Paychecks via Session Theft

Your next paycheck could vanish into a hacker's account—without you noticing. Storm-2755's payroll pirate attacks show how session hijacking turns everyday logins into financial heists.

theAIcatchup Apr 09, 2026 4 min read

Digital illustration of a pirate ship hijacking a payroll truck in a cyber cityscape

⚡ Key Takeaways

Storm-2755 uses AiTM to bypass MFA and hijack sessions for payroll theft, targeting Canadians via SEO poisoning. 𝕏
Legacy MFA fails here—phishing-resistant options like FIDO2 are essential. 𝕏
Architectural flaw: Reusable tokens enable stealthy persistence; expect global spread. 𝕏

Published by

theAIcatchup

Threat intelligence. Zero noise.

#AiTM attacks #MFA bypass #Storm-2755 #payroll attacks

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by Microsoft Security Blog

⚡ Key Takeaways

The 60-Second TL;DR

theAIcatchup

Share this article

Worth sharing?

Related Stories

Figure Breach: When 967K Emails Turn MFA into a Speed Bump

AI's Dark Turn: How Hackers Made It Their Ultimate Cyber Weapon

Microsoft Device Code Phishing Ravages Hundreds Daily

Coca-Cola and Ferrari Job Offers Hijacking Your Google Accounts in Real Time

Stay in the loop