Particle.news

Quantum Route Redirect Automates Global Microsoft 365 Credential Theft

Bot-aware routing diverts scanners to benign sites to evade basic defenses.

Overview

  • Researchers report the service operating across about 1,000 parked or compromised domains that frequently use a consistent /quantum.php URL pattern.
  • Attacks have been observed in 90 countries, with approximately 76% of victims located in the United States.
  • The platform classifies visitors and redirects automated tools to legitimate sites, helping it evade some URL scanners and certain web application firewalls.
  • Preconfigured email themes such as DocuSign requests, payroll notices, payment alerts, missed voicemail messages and QR codes funnel targets to Microsoft 365 credential pages.
  • KnowBe4 advises multi-layered defenses that include content and URL analysis, sandboxing, continuous account monitoring, human risk management, email threat intelligence and rapid incident response.
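
A hunting sketch for the /quantum.php pattern in the first bullet, added here as an example and not taken from the researchers' report. It assumes a whitespace-separated proxy log of timestamp, user and URL (a constructed format, with placeholder .test domains). Because the pattern is described as frequent rather than universal, a match is a lead for review and a miss clears nothing.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote

# Constructed sample proxy log lines: timestamp, user, URL. Domains are placeholders.
SAMPLE_LOG = """\
2025-01-01T09:00:01Z alice https://parked-example.test/quantum.php?id=abc
2025-01-01T09:00:05Z bob https://login.microsoftonline.com/common/oauth2/authorize
2025-01-01T09:01:10Z carol hxxps://compromised-example[.]test/wp-content/Quantum.PHP
2025-01-01T09:02:00Z alice https://parked-example.test/%71uantum.php
2025-01-01T09:03:00Z dave https://docs.example.test/quantum.php.html
2025-01-01T09:04:00Z erin https://blog.example.test/post?ref=/quantum.php
"""

def refang(url):
    """Undo common defanging (hxxp, [.]) so URLs copied from reports parse normally."""
    url = re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)
    return url.replace("[.]", ".")

def split_url(url):
    """Return (host, decoded last path segment), or None if the URL cannot be parsed."""
    try:
        parts = urlsplit(refang(url))
    except ValueError:
        return None
    path = unquote(parts.path)  # decode %71 -> q before comparing
    return parts.hostname, path.rstrip("/").rsplit("/", 1)[-1]

def matches_pattern(url):
    """True when the final path segment is quantum.php; query strings are ignored."""
    parsed = split_url(url)
    return parsed is not None and parsed[1].lower() == "quantum.php"

def hunt(log_text):
    """Return {host: sorted users} for every log line whose URL matches the pattern."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip malformed lines
        _, user, url = fields
        if matches_pattern(url):
            hits[split_url(url)[0]].add(user)
    return {host: sorted(users) for host, users in hits.items()}

if __name__ == "__main__":
    for host, users in hunt(SAMPLE_LOG).items():
        print(host, users)
```

Grouping by host and user gives responders the list of accounts to check for sign-in anomalies, which ties the URL match back to the account monitoring recommended above.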