Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Quantum Route Redirect democratizes Microsoft 365 phishing tradecraft

Threat Actor Meta
First reported
Last updated
Happening score
H score 41
1 unique sources, 1 articles

Summary

Hide ▲

Quantum Route Redirect is lowering the skill bar for phishing operators, letting less-skilled cybercriminals run more sophisticated Microsoft 365 credential-theft campaigns while improving redirect-based evasion. The shift matters because the tool automates campaign functions and can bypass EOP, SEG, ICES, and even web application firewall checks. The infrastructure has also been tied to activity hosted on about 1,000 domains and reaching victims in 90 countries.

Related Happenings

Kali365 Microsoft 365 device-code phishing campaign

Campaign
First: 25.05.2026 15:45 Last: 25.05.2026 15:45 Sources 1

About this happening: A **Kali365** phishing campaign is targeting **Microsoft 365** environments worldwide with **device-code login lures**, putting accounts at risk of **token theft** and **MFA bypas...

Open Happening

CypherLoc phishing-led browser scareware campaign

Campaign
First: 20.05.2026 13:00 Last: 20.05.2026 13:00 Sources 1

About this happening: The **CypherLoc** operation has driven **around 2.8 million attacks** since the start of **2026**, using **phishing emails** to send users to malicious pages that lock browsers an...

Open Happening

QR code phishing surged across email threats in Q1 2026

Target Trend
First: 05.05.2026 09:35 Last: 05.05.2026 09:35 Sources 1

About this happening: **Q1 2026** email-threat telemetry shows **QR code phishing** and **CAPTCHA-gated phishing** rising quickly, increasing the risk of **credential theft** across **organizations**....

Open Happening

W3LL Microsoft 365 adversary-in-the-middle phishing campaign

Campaign
First: 13.04.2026 21:55 Last: 13.04.2026 21:55 Sources 1

About this happening: The **W3LL** phishing operation turned into a high-volume **Microsoft 365** credential-theft campaign, exposing **more than 17,000 victims worldwide** to **BEC** risk. The kit use...

Open Happening

EvilTokens phishing-as-a-service operation expands device code phishing and BEC

Threat Actor Meta
First: 01.04.2026 22:42 Last: 01.04.2026 22:42 Sources 1

About this happening: **EvilTokens** has been commercialized on **Telegram** as a continuously developed phishing-as-a-service kit, expanding **device code phishing** and **BEC** capabilities at scale....

Open Happening

Timeline

  1. 12.11.2025 17:48 2 articles · 6mo ago

    Quantum Route Redirect phishing analysis

    Technical Analysis Update

    KnowBe4 researchers said Quantum Route Redirect targets Microsoft 365 credential theft by automating campaign setup, traffic rerouting, victim tracking, and an intelligent redirect system that can send security scanners to benign sites while directing people to phishing pages. The tool has been seen since August, is hosted on about 1,000 domains, and the associated campaign has reached victims in 90 countries, with 76% of affected users in the US. Researchers said the activity can bypass Microsoft Exchange Online Protection (EOP), secure email gateway (SEG), integrated cloud email security (ICES), and even Web application firewall products, and they advised URL filtering, sandboxing, and NLP-based email analysis.

    Show sources
    Open in new tab