Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Quantum Route Redirect (QRR) phishing campaign targeting Microsoft 365 users

Campaign
First reported
Last updated
Happening score
H score 41
3 unique sources, 3 articles

Summary

Hide ▲

Quantum Route Redirect (QRR) is running an active phishing campaign that steals Microsoft 365 credentials and now affects users across 90 countries. The operation uses about 1,000 domains and traffic-routing automation to push victims to credential-harvesting pages while evading scanners, with 76% of observed activity concentrated in the U.S.

Related Happenings

Kali365 Microsoft 365 device-code phishing campaign

Campaign
First: 25.05.2026 15:45 Last: 25.05.2026 15:45 Sources 1

About this happening: A **Kali365** phishing campaign is targeting **Microsoft 365** environments worldwide with **device-code login lures**, putting accounts at risk of **token theft** and **MFA bypas...

Open Happening

CypherLoc phishing-led browser scareware campaign

Campaign
First: 20.05.2026 13:00 Last: 20.05.2026 13:00 Sources 1

About this happening: The **CypherLoc** operation has driven **around 2.8 million attacks** since the start of **2026**, using **phishing emails** to send users to malicious pages that lock browsers an...

Open Happening

QR code phishing surged across email threats in Q1 2026

Target Trend
First: 05.05.2026 09:35 Last: 05.05.2026 09:35 Sources 1

About this happening: **Q1 2026** email-threat telemetry shows **QR code phishing** and **CAPTCHA-gated phishing** rising quickly, increasing the risk of **credential theft** across **organizations**....

Open Happening

Silent subject/null subject phishing campaign targeting executives and privileged users

Campaign
First: 22.04.2026 16:00 Last: 22.04.2026 16:00 Sources 1

About this happening: A **widespread silent subject/null subject phishing campaign** is sending subject-less emails to **high-value users**, raising the risk of **credential theft** and follow-on **lat...

Open Happening

W3LL Microsoft 365 adversary-in-the-middle phishing campaign

Campaign
First: 13.04.2026 21:55 Last: 13.04.2026 21:55 Sources 1

About this happening: The **W3LL** phishing operation turned into a high-volume **Microsoft 365** credential-theft campaign, exposing **more than 17,000 victims worldwide** to **BEC** risk. The kit use...

Open Happening

Timeline

  1. 10.11.2025 23:29 3 articles · 6mo ago

    Quantum Route Redirect phishing campaign targeting Microsoft 365 users

    Initial Disclosure

    KnowBe4 identified Quantum Route Redirect (QRR) as a phishing automation platform stealing Microsoft 365 credentials through credential-harvesting pages hosted on around 1,000 domains, often on parked or compromised domains. The lure emails impersonate DocuSign requests, payment notifications, missed voicemails, or QR codes, and the kit uses a human-vs-bot filtering layer that sends automated scanners to benign sites while routing real visitors to URLs that follow the `/([\w\d-]+\.){2}[\w]{,3}\/quantum.php/` pattern. Observed activity spans 90 countries, with 76% of attacks directed at users in the U.S., and defenders are advised to deploy robust URL filtering and account monitoring for compromise.

    Show sources
    Open in new tab