Anatomy of an Attack: The Payroll Pirates and the Power of Social Engineering

This article details how attackers used social engineering to bypass help desk authentication, reset passwords, and re-enroll MFA devices, ultimately redirecting an organization’s paychecks to their own accounts. The incident, discovered when employees reported missing pay, was contained by Unit 42, who also identified a dormant WannaCry ransomware presence.