Phishing Tool Uses Smart Redirects to Bypass Detection
Recorded: Nov. 12, 2025, 5:06 p.m.
| Original | Summarized |
A campaign against Microsoft 365 users leverages Quantum Route Redirection, which simplifies previously technical attack steps and has affected victims across 90 countries.

Elizabeth Montalbano, Contributing Writer
November 12, 2025

A new phishing tool targeting Microsoft 365 users has entered the chat, further democratizing social engineering campaigns for lower-skilled cybercriminals. The tool, called Quantum Route Redirect, simplifies what was once a technically complex campaign flow and also offers a uniquely evasive redirect feature that can bypass even robust email protections.

Researchers from KnowBe4 observed the tool in the wild beginning in August when they uncovered a phishing campaign aimed at stealing credentials of 365 users, they revealed in a blog post this week. Currently, about 1,000 domains are hosting the Quantum Route Redirect, which offers an "advanced automation platform" that is designed to streamline campaign functions such as traffic rerouting and victim tracking.

So far, the campaign researchers observed using the tool has successfully compromised victims across 90 countries, "demonstrating remarkable international reach," KnowBe4 analysts Jeewan Singh Jalal, Prabhakaran Ravichandhiran, and Anand Bodke wrote in the post. Most of the attacks have occurred in the US, accounting for 76% of affected users, while the remaining 24% are distributed across the globe on all continents except Australia.

"Quantum Route Redirect represents a concerning evolution in cybercrime accessibility," they observed. "By removing technical barriers, it's enabling a new generation of threat actors to launch sophisticated campaigns with minimal expertise."

Simple Phishing Campaign Development

There are two key ingredients in its secret sauce that make Quantum Route Redirect a powerful new weapon for fledgling phishing attackers, the researchers noted. One is its simplicity, offering "a preconfigured setup that removes the technical expertise needed to launch such a sophisticated phishing campaign — which in turn can increase the volume of advanced phishing attacks targeting organizations globally," the researchers noted.

The tool turns previously tricky-to-develop attack steps into one-click launches that make it simple for even the least sophisticated attacker to develop a solid campaign with diverse themes and tactics designed to maximize victim engagement. These include: Docusign and other service agreement impersonation; payroll impersonation; payment notification emails; missed voicemail messages; and QR code phishing, or quishing.

Moreover, the URLs consistently follow the pattern "/([\w\d-]+\.){2}[\w]{,3}\/quantum.php/" and are typically hosted on parked or compromised domains, which can help attackers socially engineer the human targets of these attacks and give them the power of brand impersonation to fool victims. "Each variant ultimately funnels recipients toward the same goal: credential harvesting pages that are managed via Quantum Route Redirect," the researchers wrote.

Quantum Route Redirection Bypasses Security

This is where the second key aspect of the tool comes into play: a redirect system that allows it to quickly bypass protections on Microsoft 365 email systems.
On a business or enterprise deployment of Microsoft 365, these typically include Microsoft Exchange Online Protection (EOP), a secure email gateway (SEG), and potentially integrated cloud email security (ICES) products, which are the most difficult to penetrate. These detection technologies depend on URL scanning, with some analyzing URLs at the point of delivery only, quarantining suspicious emails and routing seemingly safe ones to a user's inbox. Cybercriminals already have cracked this defense by changing the end destination of the email once it has passed this initial analysis. Therefore, some products also perform time-of-click analysis and block users from visiting a link if the URL is weaponized after delivery.

To bypass even these advanced detections, Quantum Route Redirect payloads delivered by phishing hyperlinks can automatically differentiate between and manage types of "visitors" — i.e., whether they are security tools or people — through an intelligent redirect system.

Thus, a security tool scanning a hyperlink will be redirected to legitimate websites and therefore led to believe the original email is harmless, allowing the recipient to interact with it. People who engage with the hyperlink, however, are sent directly to phishing webpages.

KnowBe4 researchers said they have observed Quantum Route Redirect deceiving even Web application firewall products, "enabling attacks to bypass multiple different layers of security."

How to Defend Against Advanced Phishing Campaigns

As attackers level up in their use of ever-more sophisticated tools that leverage AI and other tactics to bypass the latest security technologies, defenders also must consider improving their security posture to protect corporate email systems.
For attacks that use Quantum Route Redirect technology, organizations should consider the difference between integrated cloud email security products and traditional email security such as SEG, specifically in their use of natural language processing (NLP) and natural language understanding to analyze the content of an email message. NLP can be used along with domain and URL analysis, impersonation detection and other defenses to help pick up the context of messages and bust intelligent redirection employed by the tool, the researchers noted.

Additionally, organizations should ensure that both their email security and Web application firewall products have URL filtering to mitigate attacks like the ones Quantum Route Redirection facilitates. KnowBe4 also recommended that organizations deploy sandboxing technologies, either internally or through managed security service providers, to inspect potentially malicious emails.

About the Author

Elizabeth Montalbano, Contributing Writer

Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal.
In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking. |
The evolving landscape of cybercrime is being dramatically reshaped by accessibility, and a new phishing tool, Quantum Route Redirect, exemplifies this trend. Developed by KnowBe4, this tool simplifies sophisticated attacks, making them attainable for a broader range of cybercriminals. Initially observed in August 2025, Quantum Route Redirect has already compromised approximately 1,000 domains and affected over 90 countries, demonstrating a remarkable international reach. The tool’s primary function is to streamline phishing campaigns targeting Microsoft 365 users, bypassing traditional security measures employed by organizations like EOP, SEG, and ICES.

The core innovation of Quantum Route Redirect lies in its intelligent redirect system. This system differentiates between users – security tools versus human targets – and automatically routes traffic accordingly. This allows the tool to bypass Web application firewalls and other security products, delivering phishing links directly to compromised webpages. The tool’s ease of use, facilitated by a pre-configured setup, eliminates the technical expertise previously required to launch complex attacks, significantly broadening the pool of potential attackers.

The campaign utilizes a variety of deceptive tactics, including impersonating services like Docusign and payroll, sending fraudulent payment notifications, and deploying QR code phishing, all designed to maximize victim engagement. The consistent URL pattern – /([\w\d-]+\.){2}[\w]{,3}\/quantum.php/ – and the use of parked or compromised domains further enhance the tool's effectiveness.

Elizabeth Montalbano, a contributing writer for TechTarget, highlighted the concerning evolution of cybercrime driven by increased accessibility. She noted that Quantum Route Redirect represents a significant shift, enabling a new generation of threat actors to launch sophisticated campaigns with minimal expertise, thereby increasing the volume of advanced phishing attacks worldwide.

Key defenses against this evolving threat involve a multi-layered approach. Organizations are advised to move beyond traditional security solutions and consider NLP analysis within email security and web application firewalls. This capability can help analyze the context of emails and identify the intelligent redirection tactics employed by Quantum Route Redirect. Additionally, implementing sandboxing technologies, either internally or through managed security service providers, can provide an additional layer of defense by inspecting potentially malicious emails. KnowBe4’s recommendations include ensuring URL filtering within email security products and web application firewalls, and deploying robust threat hunting tools.

The tool’s ability to bypass multiple layers of security underscores the need for adaptive security strategies. Ultimately, the rise of tools like Quantum Route Redirect necessitates a continuous evolution of cybersecurity defenses, emphasizing intelligence, automation, and a proactive stance in anticipating and mitigating emerging threats. |
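
The URL pattern quoted in the article, applied as a URL-filtering check over proxy-log lines. This is an added example, not code from the article or from KnowBe4; the log format, the function names and the sample hosts are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Shape reported in the article: two dot-terminated labels, a final label of
# at most three characters, then /quantum.php. Written with an explicit {0,3}
# and an escaped dot (assumption: a tightening of the published text), because
# "{,3}" means "0 to 3" in Python but is literal text in some other engines.
QRR_URL = re.compile(r"([\w-]+\.){2}\w{0,3}/quantum\.php", re.IGNORECASE)

def qrr_host(url):
    """Return the lower-cased host when host + path match the shape, else None."""
    try:
        parts = urlsplit(url if "://" in url else "//" + url)
        host = parts.hostname or ""
    except ValueError:          # malformed netloc, e.g. unbalanced IPv6 brackets
        return None
    return host if QRR_URL.search(host + parts.path) else None

def scan_log(text):
    """Return (user, host) for every 'timestamp user url' line that matches."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue            # skip blank or malformed lines
        _, user, url = fields
        host = qrr_host(url)
        if host:
            hits.append((user, host))
    return hits

# Constructed sample log (hypothetical format; reserved example domains).
SAMPLE_LOG = """\
2025-11-12T09:14:02Z alice https://secure.example.com/quantum.php?id=1
2025-11-12T09:15:40Z bob https://www.example.org/index.php
2025-11-12T09:16:11Z carol HTTPS://Mail.Example.NET/Quantum.php
2025-11-12T09:17:29Z dave https://portal.example.info/quantum.php
2025-11-12T09:18:03Z erin https://example.com/quantum.php
"""

if __name__ == "__main__":
    for user, host in scan_log(SAMPLE_LOG):
        print(f"review: {user} requested {host}/quantum.php")
```

The lines for dave and erin are not flagged: the reported shape needs three host labels and a final label of at most three characters, so the pattern is one signal to combine with the URL filtering and sandboxing the article recommends.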