IT helps desks be ready for an evolving threat that sounds like a Hollywood movie title. In December 2025, Okta Threat Intelligent published a report that explained how hackers can gain unauthorized access to payroll software. These threats are infamous as payroll pirate attacks.
Pirates of the payroll
These attacks start with threat actors calling an organization’s help desk, pretending to be a user and requesting a password reset.
“Typically, what the adversary will do is then come back to the help desk, probably to someone else on the phone, and say, ‘Well, I have my password, but I need my MFA factor reset,’” according to VP of Okta Threat Intelligence Brett Winterford. “And then they enroll their own MFA factor, and from there, gain access to those payroll applications for the purposes of committing fraud.”
Attack tactic
The threat actors are working at a massive scale and leveraging various services and devices to assist their malicious activities. According to Okta report, cyber thieves employed social engineering, calling help desk personnel on the phone and attempting to trick them into resetting the password for a user account. These attacks have impacted multiple industries,
“They’re certainly some kind of cybercrime organization or fraud organization that is doing this at scale,” Winterford said
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: