‘Looting US university salaries’: Microsoft warns of ‘payroll pirate’ scam

A sophisticated cybercrime group, Storm-2657, is targeting US university payroll systems, diverting staff salaries since March 2025. Exploiting weak security and compromised email accounts, attackers infiltrate HR software like Workday to reroute paychecks. This audacious scheme, dubbed ‘payroll pirate,’ highlights the urgent need for stronger cybersecurity measures in academic institutions.