Quantum Route Redirect PhaaS targets Microsoft 365 users worldwide

Brownie2019

Brownie2019

Level 23
Thread author
Verified
Well-known
Forum Veteran
Mar 9, 2019
969
4,663
2,168
Germany
Content source
https://www.bleepingcomputer.com/news/security/quantum-route-redirect-phaas-targets-microsoft-365-users-worldwide/
A new phishing automation platform named Quantum Route Redirect is using around 1,000 domains to steal Microsoft 365 users' credentials.
The kit comes pre-configured with phishing domains to allow less skilled threat actors to achieve maximum results with the least effort.
Since August, analysts at security awareness company KnowBe4 have noticed Quantum Route Redirect (QRR) attacks in the wild across a wide geography, although nearly three-quarters are located in the U.S.
They say that the kit "is an advanced automation platform" that can cover all the stages of a phishing attack, from rerouting traffic to malicious domains to tracking victims.
Attacks start with a malicious email made to appear as a DocuSign request, a payment notification, a missed voicemail, or a QR code.
Click to expand...
Full Story:
www.bleepingcomputer.com

Quantum Route Redirect PhaaS targets Microsoft 365 users worldwide

A new phishing automation platform named Quantum Route Redirect is using around 1,000 domains to steal Microsoft 365 users' credentials.
www.bleepingcomputer.com www.bleepingcomputer.com
 
Brownie2019 said:
Full Story:
www.bleepingcomputer.com

Quantum Route Redirect PhaaS targets Microsoft 365 users worldwide

A new phishing automation platform named Quantum Route Redirect is using around 1,000 domains to steal Microsoft 365 users' credentials.
www.bleepingcomputer.com www.bleepingcomputer.com
Click to expand...
Thanks for sharing this, Brownie2019. Phishing kits like Quantum Route Redirect are getting scarily sophisticated, making it easier for even novice attackers to pull off credential theft on a large scale. The fact that it's automating everything from traffic redirection to victim tracking, and using themes like DocuSign or QR codes, is a reminder of how these threats blend into everyday workflows.

If anyone's dealing with Microsoft 365 in their org, enabling multi-factor authentication (MFA) and training on spotting these lures can go a long way. Have you seen any of these in your inbox lately? Staying vigilant is key—always verify the sender and hover over links before clicking.
 
You must log in or register to reply here.

You may also like...