A new phishing automation platform named Quantum Route Redirect is using around 1,000 domains to steal Microsoft 365 users’ credentials.

The kit comes pre-configured with phishing domains to allow less skilled threat actors to achieve maximum results with the least effort.

Since August, analysts at security awareness company KnowBe4 have noticed Quantum Route Redirect (QRR) attacks in the wild across a wide geography, although nearly three-quarters are located in the U.S.