The threat is a financially motivated campaign by Storm-2755 that uses SEO poisoning and malvertising to direct users searching for "Office 365" to phishing sites, leading to adversary-in-the-middle (AiTM) attacks and payroll diversion.
A financially motivated hacking group is targeting Canadian employees with a sophisticated campaign designed to covertly redirect their salary payments into attacker-controlled bank accounts, Microsoft researchers discovered. SEO poisoning and malvertising + phishing + AiTM The group, which Microsoft tracks as Storm-2755, begins by poisoning search engine results and running malicious ads against generic queries like “Office 365”, or even common misspellings like “Office 265.” Victims who click through land on a convincing but fake … More → The post Poisoned “Office 365” search results lead to stolen paychecks appeared first on Help Net Security .