Quantum Route Redirect democratizes Microsoft 365 phishing tradecraft
Threat Actor Meta
Summary
Hide ▲
Show ▼
Quantum Route Redirect is lowering the skill bar for phishing operators, letting less-skilled cybercriminals run more sophisticated Microsoft 365 credential-theft campaigns while improving redirect-based evasion. The shift matters because the tool automates campaign functions and can bypass EOP, SEG, ICES, and even web application firewall checks. The infrastructure has also been tied to activity hosted on about 1,000 domains and reaching victims in 90 countries.
Related Happenings
O-UNC-066 / Pink Microsoft Entra passkey vishing campaign
Campaign
H score37
First: 08.07.2026 19:47
Last: 08.07.2026 19:47
Sources 1
About this happening:
The **O-UNC-066 / Pink** operation is using **voice-based phishing** to push **Microsoft 365** users into enrolling attacker-controlled **Entra passkeys**, creating a direct path...
O-UNC-066 / Pink Microsoft Entra passkey vishing campaign
CampaignAbout this happening: The **O-UNC-066 / Pink** operation is using **voice-based phishing** to push **Microsoft 365** users into enrolling attacker-controlled **Entra passkeys**, creating a direct path...
Non-email threat-detection confidence gap across collaboration channels
Trend
H score25
First: 19.06.2026 12:00
Last: 19.06.2026 12:00
Sources 1
About this happening:
A survey found a broad **non-email threat-detection gap** across **Slack**, **Microsoft Teams**, and social channels, increasing exposure as attackers move beyond **email**. At **...
Non-email threat-detection confidence gap across collaboration channels
TrendAbout this happening: A survey found a broad **non-email threat-detection gap** across **Slack**, **Microsoft Teams**, and social channels, increasing exposure as attackers move beyond **email**. At **...
North Korea-aligned developer-targeting operations shift from fake interviews to recruitment phishing at scale
Threat Actor Meta
H score31
First: 15.06.2026 22:32
Last: 15.06.2026 22:32
Sources 1
About this happening:
North Korea-aligned developer-targeting operations are shifting from **fake interviews** to **recruitment-themed phishing** at scale, increasing the risk of industrialized **crede...
North Korea-aligned developer-targeting operations shift from fake interviews to recruitment phishing at scale
Threat Actor MetaAbout this happening: North Korea-aligned developer-targeting operations are shifting from **fake interviews** to **recruitment-themed phishing** at scale, increasing the risk of industrialized **crede...
Enterprise browser users face a rising shadow AI, credential abuse, and browser-native attack trend
Trend
H score22
First: 05.06.2026 17:00
Last: 05.06.2026 17:00
Sources 1
About this happening:
**Enterprise users** are showing a sharp rise in **shadow AI**, **credential abuse**, and **browser-native attack exposure**, increasing risk at the browser layer. The trend matte...
Enterprise browser users face a rising shadow AI, credential abuse, and browser-native attack trend
TrendAbout this happening: **Enterprise users** are showing a sharp rise in **shadow AI**, **credential abuse**, and **browser-native attack exposure**, increasing risk at the browser layer. The trend matte...
Google DoubleClick malspam campaign delivering DesckVB RAT
Campaign
H score33
First: 03.06.2026 19:29
Last: 03.06.2026 19:29
Sources 1
About this happening:
A **new malspam campaign** is abusing **Google's DoubleClick** redirect path to evade detection and deliver **DesckVB RAT**, putting users and organizations at risk of malware inf...
Google DoubleClick malspam campaign delivering DesckVB RAT
CampaignAbout this happening: A **new malspam campaign** is abusing **Google's DoubleClick** redirect path to evade detection and deliver **DesckVB RAT**, putting users and organizations at risk of malware inf...
Timeline
-
12.11.2025 17:48 2 articles · 7mo ago
Quantum Route Redirect phishing analysis
Technical Analysis UpdateKnowBe4 researchers said Quantum Route Redirect targets Microsoft 365 credential theft by automating campaign setup, traffic rerouting, victim tracking, and an intelligent redirect system that can send security scanners to benign sites while directing people to phishing pages. The tool has been seen since August, is hosted on about 1,000 domains, and the associated campaign has reached victims in 90 countries, with 76% of affected users in the US. Researchers said the activity can bypass Microsoft Exchange Online Protection (EOP), secure email gateway (SEG), integrated cloud email security (ICES), and even Web application firewall products, and they advised URL filtering, sandboxing, and NLP-based email analysis.
Show sources
- Phishing Tool Uses Smart Redirects to Bypass Detection — www.darkreading.com — 12.11.2025 17:48
- Phishing Tool Uses Smart Redirects to Bypass Detection — www.darkreading.com — 12.11.2025 17:48