- Quantum Route Redirect automates phishing, spoofing tags and bypassing email security tools
- It detects bots vs. people and redirect real users to credential theft sites
- Over 1,000 domains it hosts; 76% of victims are in the US according to KnowBe4
A new phishing platform called “Quantum Route Redirect” makes targeting Microsoft 365 users around the world dramatically simpler, experts from KnowBe4 have warned.
In its report, the researchers said that Quantum Route Redirect can automate phishing campaigns that previously required significant technical skills.
It allows attackers to launch large-scale credential theft operations while spoofing large companies like DocuSign, or sending fake payroll, payment notices and voicemail alerts. QR code-based “quishing” attacks are also available on the platform.
Targeted at the US
One of Quantum Route Redirect’s key benefits is its ability to automatically detect whether a visitor is a bot or a human.
When security tools such as email scanners click on the links, they are redirected to safe, legitimate websites, making the phishing email appear harmless. However, genuine users are silently redirected to credential harvesting pages.
This automation helps hackers bypass layers of defense such as Microsoft Exchange Online Protection, secure email gateways, and even integrated cloud email security solutions.
The platform also comes with a dashboard for managing redirects, monitoring victim traffic and viewing analytics. It includes features such as browser fingerprinting, VPN/proxy detection and real-time statistics, effectively lowering the entry barrier for cybercriminals.
KnowBe4 researchers have identified around 1,000 domains currently hosting the tool and warn that it is spreading like wildfire, and attacks exploiting it have compromised victims in 90 countries, with the US accounting for 76% of affected users.
Experts warn that Quantum Route Redirect “democratizes” phishing by removing technical complexity and could mark a new era of accessible cybercrime. To defend against it, organizations are encouraged to combine advanced email security tools with user awareness training, sandboxing and rapid response procedures for credential compromises.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
