Quantum Route Redirect is an automated phishing platform that uses around 1,000 domains to steal Microsoft 365 credentials. Most attacks are via emails disguised as DocuSign requests or payment notifications, primarily affecting users in the U.S. Security experts recommend robust URL filtering to defend against these threats.

Attackers are exploiting link wrapping services from companies like Proofpoint and Intermedia to mask malicious URLs that lead to Microsoft 365 phishing pages. By compromising protected email accounts, the threat actor is able to disguise harmful links in phishing campaigns, thus increasing the likelihood of credential theft from victims.