Ahoy! A Tale of Payroll Pirates Who Target Universities episode artwork

EPISODE · Nov 19, 2025 · 31 MIN

Ahoy! A Tale of Payroll Pirates Who Target Universities

from Microsoft Threat Intelligence Podcast · host Microsoft

In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is joined by security researchers Tori Murphy and Anna Seitz to unpack two financially motivated cyber threats. First, they explore the Payroll Pirates campaign (Storm 2657), which targets university payroll systems through phishing and MFA theft to reroute direct deposits. Then, they examine Vanilla Tempest, a ransomware group abusing fraudulent Microsoft Teams installers and SEO poisoning to deliver the Oyster Backdoor and Recita ransomware.   Together, they discuss how attackers exploit trust in identity, code signing, and SaaS platforms and share practical steps organizations can take to strengthen defenses, from phishing-resistant MFA to stricter executable controls and out-of-band banking verification.  In this episode you’ll learn:       How Payroll Pirates diverted university salaries through SaaS HR phishing schemes  Why universities are prime targets for identity-based cyberattacks  How Vanilla Tempest evolved from basic ransomware to complex multi-stage attacks  Some questions we ask:      How are attackers stealing credentials and paychecks?  Why do attackers create inbox rules after compromising accounts?  What alerts should organizations monitor for these types of attacks?  Resources:   View Tori Murphy on LinkedIn   View Anna Seitz on LinkedIn  View Sherrod DeGrippo on LinkedIn   Investigating targeted “payroll pirate” attacks affecting US universities  Microsoft Threat Intelligence healthcare ransomware report highlights need for collective industry action    Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks        Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider    The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.

In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is joined by security researchers Tori Murphy and Anna Seitz to unpack two financially motivated cyber threats. First, they explore the Payroll Pirates campaign (Storm 2657), which targets university payroll systems through phishing and MFA theft to reroute direct deposits. Then, they examine Vanilla Tempest, a ransomware group abusing fraudulent Microsoft Teams installers and SEO poisoning to deliver the Oyster Backdoor and Recita ransomware.   Together, they discuss how attackers exploit trust in identity, code signing, and SaaS platforms and share practical steps organizations can take to strengthen defenses, from phishing-resistant MFA to stricter executable controls and out-of-band banking verification.  In this episode you’ll learn:       How Payroll Pirates diverted university salaries through SaaS HR phishing schemes  Why universities are prime targets for identity-based cyberattacks  How Vanilla Tempest evolved from basic ransomware to complex multi-stage attacks  Some questions we ask:      How are attackers stealing credentials and paychecks?  Why do attackers create inbox rules after compromising accounts?  What alerts should organizations monitor for these types of attacks?  Resources:   View Tori Murphy on LinkedIn   View Anna Seitz on LinkedIn  View Sherrod DeGrippo on LinkedIn   Investigating targeted “payroll pirate” attacks affecting US universities  Microsoft Threat Intelligence healthcare ransomware report highlights need for collective industry action    Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks        Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider    The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.

NOW PLAYING

Ahoy! A Tale of Payroll Pirates Who Target Universities

0:00 31:36

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

That Hoarder: Overcome Compulsive Hoarding That Hoarder Hoarding disorder is stigmatised and people who hoard feel vast amounts of shame. This podcast began life as an audio diary, an anonymous outlet for somebody with this weird condition. That Hoarder speaks about her experiences living with compulsive hoarding, she interviews therapists, academics, researchers, children of hoarders, professional organisers and influencers, and she shares insight and tips for others with the problem. Listened to by people who hoard as well as those who love them and those who work with them, Overcome Compulsive Hoarding with That Hoarder aims to shatter the stigma, share the truth and speak openly and honestly to improve lives. The Small Business Startup School – Business Notes | Financial Literacy | Retail Psychology – For Professionals & Entrepreneurs The Small Business Startup School Inc. Starting or buying a small business? While personal circumstances may vary, business patterns remain timeless. On The Small Business Startup School, we explore strategies, insights, and practical solutions to help entrepreneurs confidently navigate their journey.Hosted by Ola Williams—a retail entrepreneur, fintech founder, and financial coach with over two decades of experience—this podcast marries financial awareness and retail psychology with optimism to deliver actionable takeaways.Join us to learn, grow, and connect as we uncover the keys to business success.Let’s continue to learn together and be encouraged to keep on connecting! DIOSA. Carolina Sanper This podcast is a sacred space created by Carolina Sanper where you connect with your inner wisdom and embody your magnetic feminine power.It is the realization that the mystical realm is where you plant the seeds of your desired reality.It is a portal to your true essence: awareness, presence, and receiving with ease. Welcome home, DIOSA. 🖤 XXX Tech by SOVRYN Dr. Brian Sovryn The crossroads between technology, sensuality, and metaphysics - and the longest running anarchist podcast in the world! Brought to you by Dr. Brian Sovryn.

Frequently Asked Questions

How long is this episode of Microsoft Threat Intelligence Podcast?

This episode is 31 minutes long.

When was this Microsoft Threat Intelligence Podcast episode published?

This episode was published on November 19, 2025.

What is this episode about?

In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠Sherrod DeGrippo is joined by security researchers Tori Murphy and Anna Seitz to unpack two financially motivated cyber threats. First, they explore the Payroll Pirates campaign...

Can I download this Microsoft Threat Intelligence Podcast episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!