Have you heard of 'Phishing-as-a-Service'? Sounds fancy, right? Unfortunately, it's a bad thing. Hackers are now using a new phishing kit called Quantum Route Redirect (QRR) to target Microsoft 365 users around the world. I read all about it in a recent article on BleepingComputer, and I have to say, it's an ingenious (and concerning) method of attack. So, let's break it down in more detail.
What is Quantum Route Redirect (QRR)?
QRR is a tool for stealing passwords: a ready-made phishing kit that anyone can buy or rent online, which is the "as-a-Service" part. The buyer gets the fake login pages and the redirect logic as a package instead of having to build any of it.
According to the researchers:
- QRR uses about 1,000 fake websites to harvest login credentials.
- It sends real people to the fake login page, but sends bots and security scanners to a harmless page instead, so automated link checks see nothing wrong.
- Victims have been seen in 90+ countries so far, with most attacks targeting the U.S.
- Its emails are disguised as legitimate communications: invoices, DocuSign requests, QR codes, voting alerts, voicemail notifications, and so on.
Isn't that crazy? It means any low-skill attacker can run phishing campaigns that look like a professional's work, with almost no effort.
Why Target Microsoft 365 Users?
Because Microsoft 365 accounts are valuable: they are tied to the user's email, files, and other company data. Just one stolen account can give an attacker a foothold in an entire organization.
One other thing to note: the details an attacker needs to build a convincing lure (the company name, employee job roles, and the email address format) are easy to collect for organizations on Microsoft 365, and that information makes a fake login page and a fake email much more believable.
One other facet of QRR is that it tricks email security systems. When a scanner follows the link, QRR serves a harmless page; when a real person follows it, QRR sends them to the fake login page. Your spam filter can check the link and come away convinced the message is fine.
How Does The Attack Work?
Here is what generally happens:
- You receive a fake email that looks real (e.g. an invoice or an important document).
- You click the link.
- It redirects you to a fake Microsoft 365 login page.
- You type in your username and password.
- The attacker receives your credentials right away.
Just like that, they can log in to your account and start doing damage.
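Here is the routing trick described above as a small simulation, together with the check a defender can run against it. This is an added example written for this post; it is not code from the QRR kit or from the BleepingComputer article. The signals it uses to separate scanners from people (a few user-agent keywords, two "scanner" IP ranges, a missing Accept-Language header) are assumptions chosen to illustrate the idea, not the kit's real rules, and the URLs and IP ranges are placeholder/documentation values.

```python
"""Simulated bot-vs-human routing of a cloaked phishing link, and a probe
that exposes it by fetching the same link under several client profiles.

Added example for this post. Not code from the QRR kit. The routing signals
(user-agent keywords, 'scanner' IP ranges, missing Accept-Language) and all
addresses below are assumptions / placeholders.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

SAFE_PAGE = "https://example.com/"                   # harmless decoy (placeholder)
PHISH_PAGE = "https://login-m365.example.net/auth"   # fake M365 login (placeholder)

# Assumed: substrings a cloaking kit might treat as "this is a scanner".
SCANNER_UA_MARKERS = ("bot", "crawler", "spider", "scanner", "curl", "python-requests")
# Assumed: address space the kit treats as security-vendor/cloud scanners
# (RFC 5737 documentation ranges, not real vendor networks).
SCANNER_NETS = [ip_network("203.0.113.0/24"), ip_network("198.51.100.0/24")]


@dataclass(frozen=True)
class Request:
    user_agent: str
    ip: str
    accept_language: str = ""   # real browsers send this; many automated fetchers do not


def looks_like_scanner(req: Request) -> bool:
    """The kit's fingerprint check (simplified): any one signal is enough."""
    ua = req.user_agent.lower()
    if any(marker in ua for marker in SCANNER_UA_MARKERS):
        return True
    if any(ip_address(req.ip) in net for net in SCANNER_NETS):
        return True
    return not req.accept_language


def route(req: Request) -> str:
    """Decoy page for anything that looks automated, lure page for everyone else."""
    return SAFE_PAGE if looks_like_scanner(req) else PHISH_PAGE


# Defender side. A single scanner profile is exactly what the cloaking is built
# to beat, so the probe fetches the link under several diverse profiles and
# compares where each one lands.
PROBE_PROFILES = {
    "vendor-scanner": Request(
        "Mozilla/5.0 (compatible; LinkScannerBot/1.0)", "203.0.113.10"),
    "desktop-browser": Request(
        "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
        "(KHTML, like Gecko) Chrome/124.0 Safari/537.36",
        "192.0.2.25", "en-US,en;q=0.9"),
    "mobile-browser": Request(
        "Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X) AppleWebKit/605.1.15 "
        "(KHTML, like Gecko) Version/17.0 Mobile/15E148 Safari/604.1",
        "192.0.2.77", "en-US"),
}


def probe(resolve) -> dict:
    """Resolve the link once per profile. `resolve(req) -> final URL` stands in
    for an HTTP client that follows redirects. Disagreement between profiles
    means the link is cloaked and a scanner's 'clean' verdict is unreliable."""
    landed = {name: resolve(req) for name, req in PROBE_PROFILES.items()}
    return {"cloaked": len(set(landed.values())) > 1, "destinations": landed}


if __name__ == "__main__":
    for name, req in PROBE_PROFILES.items():
        print(f"{name:16} -> {route(req)}")
    print(probe(route))
```

In a real check, `resolve` would be an HTTP client that follows the redirect chain, and the profiles would differ not just in headers but in source network (residential egress versus a vendor's data centre), because IP reputation is a signal a kit can use. Note that the Accept-Language heuristic is crude: some legitimate clients omit the header, so a kit relying on it alone would decoy real victims too; that is why this toy only treats it as one signal among several.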
How to Stay Safe
Don't worry, you can protect yourself with a little preparation:
- Be skeptical of links in emails or LinkedIn messages, even if they look legitimate.
- Turn on a strong form of MFA (multi-factor authentication): an authenticator app at minimum, or better a hardware security key (FIDO2), which is the phishing-resistant option.
- Watch for unfamiliar sign-ins in your Microsoft 365 account; the sign-in logs show where and from what device each login came.
- Use email filters that actually follow links and scan attachments, but remember that a cloaked link like QRR's can look clean to them.
- Train your employees and colleagues to spot phishing emails.
In any case, if something does not look right — do not click it.
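The "unfamiliar logins" advice is the one worth automating. Below is an added example written for this post (not Microsoft's code and not from the research the post summarizes) that reads sign-in records in the shape Entra ID's sign-in log returns from Microsoft Graph (`auditLogs/signIns`; the field names are real, the records are constructed) and flags successful sign-ins from a country the user has never signed in from before. The baseline rule (a country first seen after a cutoff date is unfamiliar) is an assumption kept deliberately simple.

```python
"""Flag Microsoft 365 sign-ins from countries a user has never signed in from.

Added example for this post, not Microsoft's code. Records are constructed to
mirror the Microsoft Graph `signIn` resource (auditLogs/signIns); the field
names are real, the values are made up. The baseline rule is an assumption.
"""
from collections import defaultdict
from datetime import datetime, timezone

SIGNINS = [  # constructed sample, one record per sign-in attempt
    {"userPrincipalName": "alice@example.com", "createdDateTime": "2025-01-06T08:02:11Z",
     "ipAddress": "192.0.2.10", "location": {"countryOrRegion": "US"},
     "status": {"errorCode": 0}, "appDisplayName": "Office 365 Exchange Online"},
    {"userPrincipalName": "alice@example.com", "createdDateTime": "2025-01-14T09:10:40Z",
     "ipAddress": "192.0.2.10", "location": {"countryOrRegion": "US"},
     "status": {"errorCode": 0}, "appDisplayName": "OfficeHome"},
    {"userPrincipalName": "bob@example.com", "createdDateTime": "2025-01-09T13:55:02Z",
     "ipAddress": "192.0.2.44", "location": {"countryOrRegion": "US"},
     "status": {"errorCode": 0}, "appDisplayName": "OfficeHome"},
    # after the cutoff: alice from her usual country (fine) ...
    {"userPrincipalName": "alice@example.com", "createdDateTime": "2025-02-03T08:05:19Z",
     "ipAddress": "192.0.2.10", "location": {"countryOrRegion": "US"},
     "status": {"errorCode": 0}, "appDisplayName": "OfficeHome"},
    # ... then a successful sign-in from a country she has never used: flag it
    {"userPrincipalName": "alice@example.com", "createdDateTime": "2025-02-03T11:42:07Z",
     "ipAddress": "203.0.113.77", "location": {"countryOrRegion": "NG"},
     "status": {"errorCode": 0}, "appDisplayName": "Office 365 Exchange Online"},
    # a failed attempt against bob from abroad (50126 = bad password): noise, not a hit
    {"userPrincipalName": "bob@example.com", "createdDateTime": "2025-02-04T02:13:58Z",
     "ipAddress": "198.51.100.9", "location": {"countryOrRegion": "RU"},
     "status": {"errorCode": 50126}, "appDisplayName": "OfficeHome"},
]

CUTOFF = datetime(2025, 2, 1, tzinfo=timezone.utc)  # records before this build the baseline


def when(record: dict) -> datetime:
    # Graph returns ISO 8601 with a trailing 'Z'; make it a tz-aware datetime.
    return datetime.fromisoformat(record["createdDateTime"].replace("Z", "+00:00"))


def succeeded(record: dict) -> bool:
    return record["status"]["errorCode"] == 0


def build_baseline(records, cutoff: datetime) -> dict:
    """Per user: the set of countries with a successful sign-in before the cutoff."""
    baseline = defaultdict(set)
    for r in records:
        if succeeded(r) and when(r) < cutoff:
            baseline[r["userPrincipalName"]].add(r["location"]["countryOrRegion"])
    return baseline


def unfamiliar_signins(records, cutoff: datetime = CUTOFF) -> list:
    """Successful sign-ins after the cutoff from a country absent from the
    user's baseline. Failed attempts are skipped: a wrong password from abroad
    is noise, a successful login from a new country is the alert."""
    baseline = build_baseline(records, cutoff)
    hits = []
    for r in sorted(records, key=when):
        if when(r) < cutoff or not succeeded(r):
            continue
        user = r["userPrincipalName"]
        country = r["location"]["countryOrRegion"]
        if country not in baseline.get(user, set()):
            hits.append({"user": user, "country": country, "ip": r["ipAddress"],
                         "time": r["createdDateTime"], "app": r["appDisplayName"],
                         "known_countries": sorted(baseline.get(user, set()))})
    return hits


if __name__ == "__main__":
    for hit in unfamiliar_signins(SIGNINS):
        print(hit)
```

On live data, pull records with `GET https://graph.microsoft.com/v1.0/auditLogs/signIns` (this needs the AuditLog.Read.All permission) and pass them in unchanged. Two tuning points: a user with no successful sign-ins before the cutoff has an empty baseline, so every later login is flagged until the baseline is old enough to trust; and country alone is a coarse key, so a stolen password replayed from the victim's own country will not trip this rule, which is one more reason the MFA bullet above matters.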