Ahoy! A Tale of Payroll Pirates Who Target Universities cover art

Ahoy! A Tale of Payroll Pirates Who Target Universities

Ahoy! A Tale of Payroll Pirates Who Target Universities

Listen for free

View show details

About this listen

 In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is joined by security researchers Tori Murphy and Anna Seitz to unpack two financially motivated cyber threats. First, they explore the Payroll Pirates campaign (Storm 2657), which targets university payroll systems through phishing and MFA theft to reroute direct deposits. Then, they examine Vanilla Tempest, a ransomware group abusing fraudulent Microsoft Teams installers and SEO poisoning to deliver the Oyster Backdoor and Recita ransomware. Together, they discuss how attackers exploit trust in identity, code signing, and SaaS platforms and share practical steps organizations can take to strengthen defenses, from phishing-resistant MFA to stricter executable controls and out-of-band banking verification. In this episode you’ll learn: How Payroll Pirates diverted university salaries through SaaS HR phishing schemes Why universities are prime targets for identity-based cyberattacks How Vanilla Tempest evolved from basic ransomware to complex multi-stage attacks Some questions we ask: How are attackers stealing credentials and paychecks? Why do attackers create inbox rules after compromising accounts? What alerts should organizations monitor for these types of attacks? Resources: View Tori Murphy on LinkedIn View Anna Seitz on LinkedIn View Sherrod DeGrippo on LinkedIn Investigating targeted “payroll pirate” attacks affecting US universities Microsoft Threat Intelligence healthcare ransomware report highlights need for collective industry action Related Microsoft Podcasts: Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Get the latest threat intelligence insights and guidance at Microsoft Security Insider The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.
No reviews yet
In the spirit of reconciliation, Audible acknowledges the Traditional Custodians of country throughout Australia and their connections to land, sea and community. We pay our respect to their elders past and present and extend that respect to all Aboriginal and Torres Strait Islander peoples today.