In 2025, Storm-2657 primarily targeted Workday and other payroll and HR software by sending phishing emails that capture login credentials and multi-factor authentication (MFA) codes in real time using adversary-in-the-middle techniques.
March 01, 2025
high
temporal
Describes the primary technical target and credential-capture method used in payroll-directed phishing campaigns.