
Quantum Route Redirect PhaaS targets Microsoft 365 users worldwide


A new phishing automation platform named Quantum Route Redirect is using around 1,000 domains to steal Microsoft 365 users' credentials.

The kit comes pre-configured with phishing domains to allow less skilled threat actors to achieve maximum results with the least effort.

Since August, analysts at security awareness company KnowBe4 have noticed Quantum Route Redirect (QRR) attacks in the wild across a wide geography, although nearly three-quarters are located in the U.S.

They say that the kit "is an advanced automation platform" that can cover all the stages of a phishing attack, from rerouting traffic to malicious domains to tracking victims.

Attacks start with a malicious email made to appear as a DocuSign request, a payment notification, a missed voicemail, or a QR code.

Figure: Sample phishing message (Source: KnowBe4)

The emails direct targets to a credential harvesting page hosted on a URL that follows a specific pattern.

“Our researchers also observed that the domain URLs consistently follow the pattern ‘/([\w\d-]+\.){2}[\w]{,3}\/quantum.php/’ and are typically hosted on parked or compromised domains,” explains KnowBe4.

“The choice to host on legitimate domains can help to socially engineer the human targets of these attacks.”
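For defenders, the quoted URL pattern can be turned into a check over proxy or mail-gateway logs. The following is an added example, not code from KnowBe4 or the original article; the names `is_qrr_url` and `scan`, the stricter host check, and the sample log lines (reserved example domains) are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Pattern as quoted on this page, minus the / delimiters. Python reads "{,3}" as
# "{0,3}"; some other engines treat "{,3}" as literal text, and the unescaped "."
# in "quantum.php" matches any character.
PUBLISHED = re.compile(r"([\w\d-]+\.){2}[\w]{,3}\/quantum.php")

# Stricter form (an assumption of this example): host must end in two labels
# plus a TLD of at most 3 characters, and the path must begin "/quantum.php".
HOST_RE = re.compile(r"(?:[\w-]+\.){2}\w{0,3}\Z", re.ASCII)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def is_qrr_url(url):
    """True if the URL has the host/path shape described in the article."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
    except ValueError:  # malformed URL, e.g. a broken IPv6 literal
        return False
    return bool(HOST_RE.search(host)) and parts.path.lower().startswith("/quantum.php")

def scan(lines):
    """Return (line_number, url) for each URL in the lines that fits the shape."""
    hits = []
    for number, line in enumerate(lines, 1):
        for url in URL_RE.findall(line):
            if is_qrr_url(url):
                hits.append((number, url))
    return hits

# Constructed proxy-log lines using reserved example domains (not real IoCs).
SAMPLE_LOG = [
    "2025-01-01T10:00:01Z GET https://docs.example.com/quantum.php?id=1 200",
    "2025-01-01T10:00:02Z GET https://example.org/quantum.php 200",
    "2025-01-01T10:00:03Z GET https://files.test.example/quantum.php 200",
    "2025-01-01T10:00:04Z GET https://docs.example.com/quantumxphp 404",
    "2025-01-01T10:00:05Z GET https://www.example.net/index.php 200",
]

if __name__ == "__main__":
    for number, url in scan(SAMPLE_LOG):
        print(f"line {number}: {url}")
```

Because the pattern requires two dot-terminated labels before a short TLD, hosts without a subdomain and hosts on TLDs longer than three characters fall outside it, so a hit is a lead for triage rather than complete coverage.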
