The campaign, which has been active since August 2025, shows a disturbing trend: advanced phishing kits that were previously only accessible to technically skilled hackers are now packaged as user-friendly platforms. Quantum Route Redirect automates the entire attack trajectory – from redirecting traffic to victim analysis – thereby lowering the threshold for launching complex attacks.
Phishing-as-a-Service: simplicity as a weapon
Attackers using Quantum Route Redirect spread phishing emails with various themes – from DocuSign and payroll notifications to missed voicemail messages or QR code phishing (quishing). Despite their different appearances, all these messages lead to the same goal: stealing Microsoft 365 login credentials.
The strength of Quantum Route Redirect lies in its simplicity. The tool includes a pre-configured environment with phishing domains, a dashboard with victim statistics, and automated routing between "bots" and "real" users. When security systems scan a suspicious link, they are redirected to a legitimate website, making the email appear safe. Only when a person clicks on the link are they sent to a malicious phishing page.
Global impact
The KnowBe4 Threat Lab has determined that the campaign has already victimized individuals in more than 90 countries. The United States is the hardest hit, accounting for 76% of reported cases, but Europe, Asia, and South America are also affected. In total, researchers have identified around 1,000 domains where Quantum Route Redirect is actively hosted.
The tool is also continuously being developed. A new version is already planned with a built-in QR code generator, allowing criminals to further scale their quishing attacks.
Defending against a new generation of phishing
Quantum Route Redirect represents a new phase in the 'democratization' of cybercrime: the technical barriers are disappearing while the quality of attacks is rising. Organizations can arm themselves by collaborating with leading cybersecurity providers that offer advanced technical controls and adapt as attacks evolve. Modern email security must go beyond just URL scans and analyze messages holistically for language use, context, and intent. Additionally, technologies such as sandboxing, continuous monitoring, and web application firewalls with intelligent URL filtering are essential to detect misleading redirects – like those from Quantum Route Redirect. Finally, the human factor remains crucial: by implementing Human Risk Management (HRM), organizations can timely identify risky behavior and train employees to recognize and avoid advanced phishing attacks.
Read the blog from the Threat Lab team at KnowBe4 for a complete technical analysis of this new phishing method.
