A major phishing operation known as Quantum Route Redirect (QRR) is targeting Microsoft 365 users globally, leveraging nearly 1,000 domains across 90 countries to distribute convincing fake login pages. Security researchers warn that the campaign uses realistic email lures to mimic Microsoft’s interface, making it harder for users to detect the scam. As part of this operation, attackers are exploiting parked or compromised legitimate domains to create a false sense of security, increasing the likelihood that users will enter their credentials.
The QRR platform is one of the largest phishing operations currently active, with approximately 76% of attacks targeting U.S. users. The scale of the operation highlights the growing threat of organized phishing efforts, which often rely on automated tools and sophisticated evasion techniques to bypass traditional security measures. Analysts note that these tactics are becoming increasingly difficult to detect, emphasizing the need for layered defenses and behavioral analysis to combat such threats effectively.
Microsoft has been actively combating cyber threats, including dismantling a major phishing network known as RaccoonO365. That operation sold pre-made Microsoft login copies to steal thousands of credentials, primarily targeting healthcare organizations. The platform’s operator was recently identified, and Microsoft is pursuing legal action against him for cybercrime violations. However, the emergence of QRR shows that the threat landscape is evolving, with new tools like Q… (Continued in the JSON)