Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Sunday, 5 July, 2026
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Quantum Route Redirect: The Phishing Tool Simplifying Global Microsoft 365 Attacks

KnowBe4 has uncovered an advanced Phishing-as-a-Service platform that bypasses security tools, automates traffic routing, and provides cybercriminals with easy-to-use analytics, widening the reach of global attacks.

by Guru Writer
November 11, 2025
in Editor's News, Insight, News
Quantum Route Redirect: The Phishing Tool Simplifying Global Microsoft 365 Attacks
Share on FacebookShare on Twitter

The team at KnowBe4 Threat Labs has uncovered an emerging advanced phishing campaign targeting Microsoft 365 users globally to steal their credentials. This powerful new phishing kit, which KnowBe4 have named ‘Quantum Route Redirect’, was initially discovered in early August. Quantum Route Redirect comes with a pre-configured set up and phishing domains that significantly simplifies a once technically complex campaign flow, further “democratising” phishing for less skilled cybercriminals. It is thought to primarily target Microsoft 365 users.

Removing Barriers of Entry

Quantum Route Redirect bundles several capabilities that remove technical barriers to running a sophisticated phishing campaign: it uses behavioural detection to distinguish automatically between human and automated traffic, and intelligent routing to sort visitors without manual intervention. It also provides a a simplified analytics dashboard that presents comprehensive victim data – including location, device type and browser information – in an intuitive format. The platform also includes real-time monitoring displays campaign performance and success metrics so operators need no specialised technical expertise.

According to KnowBe4, the Phishing-as-a-Service (PhaaS) platform is capable of distinguishing between security tools and genuine users, directing the former to legitimate websites while sending the latter to the phishing version. This technique enables it to bypass URL scanners and certain web application firewalls. The platform also includes user-friendly features designed to support less technically skilled cybercriminals, such as a configuration panel for managing redirect rules, settings and routing logic; monitoring dashboards displaying traffic analytics; intelligent traffic routing to automatically sort visitors; and an analytics dashboard showing details such as victim location, device type and browser information.

To Carry Out An Attack

From the target’s perspective, these campaigns typically begin with a phishing email. Attackers usually cast a wide net using a range of themes and tactics designed to maximise victim engagement. These often include impersonation of services such as DocuSign and other agreement platforms, payroll-related scams, fake payment notifications, fraudulent “missed voicemail” messages, and QR code phishing (also known as quishing).

When the hyperlink is first activated, either by a security tool (bot) scanning it or by a person clicking on it, the request is intercepted by Quantum Route Redirect and sent for processing. The platform’s central routing engine then analyses all incoming traffic, using behavioural analysis to distinguish intelligently between bots and humans. Acting as both a classifier and router, the engine determines the appropriate destination for each request.

If the traffic is identified as originating from a bot, it is redirected to a safe URL, preventing access to the real phishing site. This protects the malicious infrastructure from exposure by security scanners and increases the likelihood that a genuine user will interact with the email, unless it is blocked by other detection mechanisms. Conversely, if the visitor is recognised as human, they are redirected to the actual phishing website, where attackers attempt to harvest Microsoft 365 credentials.

The Quantum Route Redirect system also provides administrative access for the cybercriminals operating these campaigns, featuring two streamlined management interfaces: a configuration panel for managing redirect rules, settings and routing logic, and a visitor statistics dashboard offering analytics such as traffic data to assess campaign performance.

Global Impact

This campaign has successfully compromised victims across 90 countries, demonstrating remarkable international reach. The US has borne the brunt of the attacks so far, accounting for 76% of affected users, while the remaining 24% are distributed worldwide, making the scope of this threat truly global.

What Should Organisations Do?

KnowBe4 advised security teams to implement a multi-layered defence strategy that incorporates a range of protective measures. These include using natural language processing (NLP) and natural language understanding to analyse email content, alongside URL and payload analysis, domain and impersonation detection, and polymorphic detection techniques. Sandboxing can be employed to inspect suspicious emails, while continuous monitoring helps identify potential account compromise. A human risk management (HRM) platform with advanced behavioural analytics, product telemetry and threat intelligence can generate individual risk scores, enabling personalised user training. In addition, email threat intelligence should be used to inform company-wide education initiatives, supported by rapid incident response procedures designed to isolate compromised users, block access and conduct digital forensics.

ShareTweet
Previous Post

Staying Safe After a Cyber Attack

Next Post

The Increase In Adoption Of Video Surveillance-As-A-Service

Recent News

pentesting

Pentesting is dead. Long live pentesting.

July 3, 2026
AI Appreciation Day: Celebrating Progress, Embracing Responsibility

The industries being reimagined by AI

July 2, 2026
geopolitical cyber report

Iran-linked MuddyWater espionage campaign targets organisations across four continents

July 1, 2026
Check Point Brings Cloud Firewall to AWS European Sovereign Cloud

Check Point Brings Cloud Firewall to AWS European Sovereign Cloud

July 1, 2026

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2024 IT Security Guru - Website Managed by Dessol

  • About Us
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2024 IT Security Guru - Website Managed by Dessol