Pirate Payroll Pandemonium: How Storm-2657 is Hijacking University Paychecks in the U.S.

Storm-2657 has been hijacking university payrolls since March 2025, using pirate payroll tactics. These cyber marauders exploit the absence of multifactor authentication to commandeer salaries, while sending phishing emails about faculty misconduct or fictitious campus outbreaks. Microsoft recommends deploying phishing-resistant MFA to thwart these paycheck plunderers.

Hot Take:

Ahoy, mateys! It seems like the cyber seas are stormy with pirate payroll attacks, and universities are the latest treasure troves. Who knew academia could be so lucrative? If only these hackers put as much effort into legitimate work as they do into these swashbuckling schemes, they might actually make tenure!

Key Points:

  • Cybercrime gang Storm-2657 has been targeting U.S. university employees since March 2025.
  • Phishing emails are used to hijack salary payments through Workday accounts, with over 6,000 emails sent across 25 universities.
  • Attackers exploit the lack of phishing-resistant multifactor authentication to compromise accounts.
  • Compromised accounts are used to send more phishing emails and alter salary payment configurations.
  • The attacks resemble business email compromise scams, with massive potential financial losses.

The Nimble Nerd