What are payroll pirate attacks?

They're BEC variants where hackers hijack employee or HR accounts to reroute direct deposits, often via AiTM phishing bypassing MFA.

How do AiTM attacks steal Microsoft 365 sessions?

Fake login pages proxy your real authentication, grabbing session cookies and tokens for replay without re-entering creds.

How can I protect my company from payroll pirates?

Switch to phishing-resistant MFA, block legacy auth, monitor inbox rules, and revoke sessions on any red flags.

🎯 Threat Intelligence

Payroll Pirates Steal Microsoft Salaries in Canada: The AiTM Hijack Exposed

Storm-2755 isn't just phishing passwords—they're replaying full sessions to siphon salaries straight from HR systems. Microsoft's wake-up call hits close to home for every tech worker.

theAIcatchup Apr 10, 2026 4 min read

Cyber attackers hijacking payroll on Microsoft 365 login page with fake domain

⚡ Key Takeaways

Storm-2755 uses AiTM to bypass MFA and hijack Microsoft Canadian salaries via session replay. 𝕏
Microsoft recommends phishing-resistant MFA and legacy auth blocks to counter these payroll pirate attacks. 𝕏
FBI reports $3B+ in BEC losses last year; expect escalation without enterprise-wide hardening. 𝕏

Published by

theAIcatchup

Threat intelligence. Zero noise.

#AitM phishing #Microsoft 365 security #Storm-2755 #payroll pirate attacks

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by Bleeping Computer

⚡ Key Takeaways

The 60-Second TL;DR

theAIcatchup

Share this article

Worth sharing?

Related Stories

Hackers Poison Office 365 Searches to Siphon Canadian Paychecks

Storm-2755's Payroll Pirates: Hijacking Canadian Paychecks via Session Theft

Europol and Microsoft Shred Tycoon 2FA's MFA Bypass Machine

FrostArmada's Fall: How Cops Crushed Russia's Router Spy Network Targeting Microsoft Logins

Stay in the loop