A financially motivated threat group called Storm-2755 has launched a campaign that quietly reroutes employee salary payments to attacker-controlled bank accounts. Targeting Canadian workers, the group uses adversary-in-the-middle (AiTM) techniques to hijack authenticated sessions and bypass multi-factor authentication (MFA), in what researchers have labeled “payroll pirate” attacks. The campaign starts with SEO poisoning and malvertising. […]
The post Hackers Use AiTM Session Hijacking to Redirect Employee Salaries in New Storm-2755 Campaign appeared first on Cyber Security News.
This article has been indexed from Cyber Security News
Read the original article: