Twenty-five universities across the U.S. have had their employees targeted by the Storm-2657 threat operation with phishing emails looking to divert salary payments as part of a payroll piracy campaign that commenced in March, according to The Record, a news site by cybersecurity firm Recorded Future.

Almost a dozen breached university email accounts have been leveraged to deliver illicit emails with links that sought to pilfer multi-factor authentication codes for Workday and other third-party platforms, a report from the Microsoft Threat Intelligence team showed. Subsequent infiltration of the employee's Workday profile enabled attackers to establish a rule that would remove alerts from Workday.

"The most recently identified theme involved phishing emails impersonating a legitimate university or an entity associated with a university. To make their messages appear convincing, Storm-2657 tailored the content based on the recipient's institution," said Microsoft. Workday has already urged its users to activate phishing-resistant MFA and other data protection measures.

The threat comes as the FBI noted that business email compromise attack losses exceeded $2 billion last year.



