Phishing Tool Uses Smart Redirects to Bypass Detection - Dark Reading
A campaign against Microsoft 365 users leverages Quantum Route Redirection, which simplifies previously technical attack steps and has affected victims across 90 countries.
Elizabeth Montalbano, Contributing Writer
November 12, 2025
A new phishing tool targeting Microsoft 365 users has entered the chat, further democratizing social engineering campaigns for lower-skilled cybercriminals.
The tool, called Quantum Route Redirect, simplifies what was once a technically complex campaign flow and offers a uniquely evasive redirect feature that can bypass even robust email protections. Researchers from KnowBe4 observed the tool in the wild beginning in August when they uncovered a phishing campaign aimed at stealing credentials of 365 users, they revealed in a blog post this week.
Currently, about 1,000 domains are hosting the Quantum Route Redirect, which offers an "advanced automation platform" that is designed to streamline campaign functions such as traffic rerouting and victim tracking.
So far, the campaign that researchers observed using the tool has successfully compromised victims across 90 countries, "demonstrating remarkable international reach," KnowBe4 analysts Jeewan Singh Jalal, Prabhakaran Ravichandhiran, and Anand Bodke wrote in the post. Most of the attacks have occurred in the US, accounting for 76% of affected users, while the remaining 24% are distributed across the globe on all continents except Australia.
"Quantum Route Redirect represents a concerning evolution in cybercrime accessibility," they observed. "By removing technical barriers, it's enabling a new generation of threat actors to launch sophisticated campaigns with minimal expertise."
Simple Phishing Campaign Development
There are two key ingredients in its secret sauce that make Quantum Route Redirect a powerful new weapon for fledgling phishing attackers, the researchers noted. One is its simplicity, offering "a preconfigured setup that removes the technical expertise needed to launch such a sophisticated phishing campaign — which in turn can increase the volume of advanced phishing attacks targeting organizations globally," the researchers noted.
The tool turns previously tricky-to-develop attack steps into one-click launches that make it simple for even the least sophisticated attacker to develop a solid campaign with diverse themes and tactics designed to maximize victim engagement. These include Docusign and other service agreement impersonation; payroll impersonation; payment notification emails; missed voicemail messages; and QR code phishing, or quishing.
Moreover, the URLs consistently follow the pattern "/([\w\d-]+\.){2}[\w]{,3}\/quantum.php/" and are typically hosted on parked or compromised domains, which can help attackers socially engineer the human targets of these attacks and give them the power of brand impersonation to fool victims. "Each variant ultimately funnels recipients toward the same goal: credential harvesting pages that are managed via Quantum Route Redirect," the researchers wrote.
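A defender-side check for the URL pattern quoted above, as an added example that is not code from KnowBe4 or the article. The function names and sample URLs are constructed for illustration; escaping the dot in "quantum.php", anchoring the match to the first path segment, and unwrapping URLs that a link-rewriting gateway has placed in a query parameter are choices of this example that go beyond the quoted pattern.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Pattern quoted in the article, without its "/" delimiters. Two choices made
# for this example: the dot in "quantum.php" is escaped, and the match is
# anchored to the end of "host/first-path-segment".
PUBLISHED = re.compile(r"([\w\d-]+\.){2}[\w]{,3}/quantum\.php$", re.IGNORECASE)
HAS_SCHEME = re.compile(r"^[a-z][a-z0-9+.\-]*://", re.IGNORECASE)

def matches_quantum_pattern(url, depth=0):
    """True if url, or a URL carried in its query string, fits the pattern."""
    try:
        parts = urlsplit(url if HAS_SCHEME.match(url) else "//" + url)
        host = (parts.hostname or "").rstrip(".")
    except ValueError:          # malformed netloc, e.g. unbalanced brackets
        return False
    segments = [s for s in unquote(parts.path).split("/") if s]
    if host and segments and PUBLISHED.search(f"{host}/{segments[0]}"):
        return True
    # Link-rewriting gateways carry the original URL percent-encoded in a
    # query parameter; parse_qsl decodes the values, so test those as well.
    if depth < 3:
        for _, value in parse_qsl(parts.query):
            if "." in value and matches_quantum_pattern(value, depth + 1):
                return True
    return False

# Constructed sample URLs on reserved example domains (not real indicators).
SAMPLES = [
    "https://login.portal-docs.example.com/quantum.php?id=abc",
    "http://mail.example.org/QUANTUM.PHP",
    "sso.billing.example.org/quantum.php",
    "https://gateway.example.net/v2/url?u=https%3A%2F%2Fsso.billing.example.org%2Fquantum.php%3Ft%3D1&k=x",
    "https://example.com/quantum.php",            # only two labels: no match
    "https://www.example.info/quantum.php",       # last label longer than 3
    "https://docs.example.com/files/quantum.php", # not the first path segment
    "https://docs.example.com/quantumxphp",       # unescaped dot would match
]

def scan(urls):
    """Return the URLs that fit the pattern, in input order."""
    return [u for u in urls if matches_quantum_pattern(u)]

if __name__ == "__main__":
    for hit in scan(SAMPLES):
        print("MATCH", hit)
```

As the fifth and sixth samples show, the quoted pattern does not cover a two-label host or a final label longer than three characters, so a hunt based on it alone should be paired with a plain search for the "quantum.php" path.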
Quantum Route Redirection Bypasses Security
This is where the second key aspect of the tool comes into play: a redirect system that allows it to quickly bypass protections on Microsoft 365 email systems. On a business or enterprise deployment of Microsoft 365, these typically include Microsoft Exchange Online Protection (EOP), a secure email gateway (SEG), and potentially integrated cloud email security (ICES) products, which are the most difficult to penetrate.
These detection technologies depend on URL scanning, with some analyzing URLs at the point of delivery only, quarantining suspicious emails and routing seemingly safe ones to a user's inbox. Cybercriminals already have cracked this defense by changing the end destination of the emailed link once it has passed this initial analysis. Therefore, some products also perform time-of-click analysis and block users from visiting a link if the URL is weaponized after delivery.
To bypass even these advanced detections, Quantum Route Redirect payloads delivered by phishing hyperlinks can automatically differentiate between and manage types of "visitors" — i.e., whether they are security tools or people — through an intelligent redirect system.
Thus, a security tool scanning a hyperlink will be redirected to legitimate websites and therefore led to believe the original email is harmless, allowing the recipient to interact with it. People who engage with the hyperlink, however, are sent directly to phishing webpages.
KnowBe4 researchers said they have observed Quantum Route Redirect deceiving even Web application firewall products, "enabling attacks to bypass multiple different layers of security."
How to Defend Against Advanced Phishing Campaigns
As attackers level up in their use of ever-more sophisticated tools that leverage AI and other tactics to bypass the latest security technologies, defenders also must consider improving their security posture to protect corporate email systems.
For attacks that use Quantum Route Redirect technology, organizations should consider the difference between integrated cloud email security products and traditional email security such as SEG, specifically in their use of natural language processing (NLP) and natural language understanding to analyze the content of an email message. NLP can be used along with domain and URL analysis, impersonation detection, and other defenses to help pick up the context of messages and bust intelligent redirection employed by the tool, the researchers noted.
Additionally, organizations should ensure that both their email security and Web application firewall products have URL filtering to mitigate attacks like the ones Quantum Route Redirection facilitates. KnowBe4 also recommended that organizations deploy sandboxing technologies, either internally or through managed security service providers, to inspect potentially malicious emails.