Quantum Route Redirect PhaaS ecosystem streamlines large-scale credential theft
Threat Actor Meta
Summary
Hide ▲
Show ▼
A new PhaaS ecosystem centered on Quantum Route Redirect is lowering the skill barrier for large-scale credential theft, expanding phishing reach across 90 countries.
Related Happenings
Quantum Route Redirect democratizes Microsoft 365 phishing tradecraft
Threat Actor Meta
First: 12.11.2025 17:48
Last: 12.11.2025 17:48
Sources 1
About this happening:
**Quantum Route Redirect** is **lowering the skill bar** for phishing operators, letting less-skilled cybercriminals run more sophisticated **Microsoft 365** credential-theft camp...
Quantum Route Redirect democratizes Microsoft 365 phishing tradecraft
Threat Actor MetaAbout this happening: **Quantum Route Redirect** is **lowering the skill bar** for phishing operators, letting less-skilled cybercriminals run more sophisticated **Microsoft 365** credential-theft camp...
Quantum Route Redirect (QRR) phishing campaign targeting Microsoft 365 users
Campaign
First: 10.11.2025 23:29
Last: 10.11.2025 23:29
Sources 1
How related:
All of these phishing messages have the same end goal – to push victims to a Microsoft365 credential harvesting page.
About this happening:
**Quantum Route Redirect (QRR)** is running an active **phishing campaign** that steals **Microsoft 365** credentials and now affects users across **90 countries**. The operation...
Quantum Route Redirect (QRR) phishing campaign targeting Microsoft 365 users
CampaignHow related: All of these phishing messages have the same end goal – to push victims to a Microsoft365 credential harvesting page.
About this happening: **Quantum Route Redirect (QRR)** is running an active **phishing campaign** that steals **Microsoft 365** credentials and now affects users across **90 countries**. The operation...
Timeline
-
11.11.2025 11:45 2 articles · 6mo ago
KnowBe4 identifies Quantum Route Redirect PhaaS platform behind global credential theft
Initial DisclosureKnowBe4 identifies Quantum Route Redirect as a highly automated phishing-as-a-service platform that has streamlined large-scale credential theft across 90 countries for several months. The kit was discovered in early August, is hosted on approximately 1000 domains, automates traffic rerouting and victim tracking, evades some URL scanning and web application firewall products, and uses lures such as Docusign, payroll impersonation, payment notification emails, missed voicemail messages, and QR codes to drive victims toward a Microsoft365 credential-harvesting page.
Show sources
- Quantum Route Redirect Phishing Kit Democratizes Cyber-Attacks — www.infosecurity-magazine.com — 11.11.2025 11:45
- Quantum Route Redirect Phishing Kit Democratizes Cyber-Attacks — www.infosecurity-magazine.com — 11.11.2025 11:45