Cybercrooks are getting an upgrade. KnowBe4 Threat Lab has uncovered Quantum Route Redirect, a new phishing platform that’s upping the ante by making sophisticated attacks almost effortless to launch.
The tool, now circulating globally, streamlines what was once a technically complex phishing setup into a single click. Attackers using it can automatically evade certain email security filters, impersonate trusted brands, and harvest Microsoft 365 credentials at scale.
The Impact is Spreading Fast
Analysts first detected Quantum Route Redirect in August through KnowBe4’s PhishER Plus and Defend platforms. Since then, it’s been linked to phishing campaigns spanning 90 countries. Most victims are in the US, but the impact is spreading fast.
The platform works by automatically rerouting traffic based on who, or what, clicks the phishing link. Security scanners are sent to harmless pages, while real users are redirected to fake login portals that steal their details. This level of automation allows the campaign to slip past multiple layers of email protection, including Microsoft Exchange Online Protection and some secure email gateways.
What makes Quantum Route Redirect particularly dangerous is its accessibility. It’s a pre-packaged phishing kit complete with admin dashboards, visitor analytics, and built-in bot detection. Even low-skill actors can now run advanced phishing operations with ease.
KnowBe4 researchers expect future versions to include QR-code functionality, enabling larger-scale “quishing” attacks.
Advanced Automation
“Quantum Route Redirect is an advanced automation platform that streamlines the entire phishing campaign process, from traffic rerouting to victim tracking. Our security researchers have identified approximately 1000 domains currently hosting this tool,” the company said.
“The tool’s sophistication lies in its simplicity. The kit comes with a preconfigured setup that removes the technical expertise needed to launch such a sophisticated phishing campaign – which in turn can increase the volume of advanced phishing attacks targeting organizations globally.”
To stay ahead, organizations need layered defenses: modern email security tools, robust URL filtering, continuous monitoring, and above all, user awareness.
The Risk is Accessibility
John Carberry, CMO, Xcape Inc, says the risk lies in its accessibility, enabling less-skilled attackers to conduct high-volume credential theft and reliably evade URL defenses by redirecting security tools.
“To mitigate this, implement phishing-resistant MFA, such as FIDO2 or WebAuthn, conditional access policies, short session durations, and strict allow-listing of OAuth apps. Consider browser isolation for risky links and block newly registered or low-reputation domains. Finally, monitor for unusual M365 logins, excessive mailbox access, and suspicious token activity. Also, practice rapidly revoking sessions and OAuth grants,” Carberry adds.
“When phishing becomes a turnkey service, your best defense is making stolen passwords worthless.”
A Cat-and-Mouse Game
Denis Calderone CRO & COO at Suzu Labs, adds that cybersecurity is a perpetual cat-and-mouse game. As defenders deploy security tools, adversaries adapt to evade them. “This platform’s ability to differentiate between scanners and real users, redirecting each to different destinations, renders traditional URL filtering and automated scanning less effective.”
Calderone explains: “The commoditization of such sophisticated techniques through PhaaS is particularly concerning because it removes technical barriers, enabling even unsophisticated actors to launch advanced campaigns. This cycle of adaptation by attackers reinforces a critical reality, that technology alone cannot solve this problem.
“When automated defenses can be bypassed, organizations must maintain layered security approach that combines technical controls with effective user awareness training. End users remain the last line of defense and training the user to recognize suspicious activity is essential regardless of how sophisticated the attacks or defenses become.”
You can read the full analysis from KnowBe4 Threat Lab here.
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.