Microsoft 365 Users Targeted by Major New Phishing Operation - Here's How to Stay Safe
Companies Mentioned
Why It Matters
By democratizing sophisticated phishing techniques, Quantum Route Redirect threatens to increase credential compromises across enterprises, forcing organizations to augment technical controls with heightened user training and rapid response capabilities. Its ability to evade existing email security tools could drive a wave of breaches, raising the overall risk profile for cloud‑based productivity suites.
Summary
A new phishing-as-a-service platform dubbed “Quantum Route Redirect” automates credential‑theft campaigns against Microsoft 365 users, allowing attackers to spoof brands like DocuSign and launch QR‑code “quishing” attacks without deep technical expertise. The tool detects bots versus humans, redirecting security scanners to benign sites while funneling real users to credential‑harvesting pages, effectively bypassing Microsoft Exchange Online Protection and other cloud email defenses. Researchers at KnowBe4 have identified roughly 1,000 active domains, with attacks reported in 90 countries and 76% of victims located in the United States. The service includes a dashboard with analytics, browser fingerprinting, VPN detection and real‑time traffic monitoring, lowering the entry barrier for large‑scale phishing operations.
Microsoft 365 users targeted by major new phishing operation - here's how to stay safe
Comments
Want to join the conversation?
Loading comments...