Quantum Route Redirect Phaas Targets Microsoft 365 Users Worldwide

A new phishing automation platform named Quantum Route Redirect is using around 1,000 domains to steal Microsoft 365 users' credentials.

The kit comes pre-configured with phishing domains to allow less skilled threat actors to achieve maximum results with the least effort.

Since August, analysts at security awareness company KnowBe4 have noticed Quantum Route Redirect (QRR) attacks in the wild across a wide geography, although nearly three-quarters are located in the U.S.

They say that the kit "is an advanced automation platform" that can cover all the stages of a phishing attack, from rerouting traffic to malicious domains to tracking victims.

Attacks start with a malicious email made to appear as a DocuSign request, a payment notification, a missed voicemail, or a QR code.

The emails direct targets to a credential harvesting page hosted on a URL that follows a specific pattern.

“Our researchers also observed that the domain URLs consistently follow the pattern “/([\w\d-]+\.){2}[\w]{,3}\/quantum.php/” and are typically hosted on parked or compromised domains,” explains KnowBe4.

“The choice to host on legitimate domains can help to socially engineer the human targets of these attacks.”

KnowBe4 says it has identified about 1,000 domains hosting QRR phishing pages.

A built-in filtering mechanism can distinguish between bots and human visitors, the researchers say, adding that QRR can redirect potential victims to a phishing page, while automated systems, such as email security tools, are sent to benign sites.

Source: BleepingComputer