AI‑Powered Phishing Campaign Breaches Hundreds of Microsoft Cloud Accounts

Cybersecurity researchers at Huntress have uncovered a prolific AI‑driven phishing operation that has infiltrated over 344 Microsoft 365 tenants globally, spanning construction, manufacturing, finance, healthcare, legal firms, nonprofits, real estate, insurance, and government agencies.

The campaign weaponises generative AI to craft highly personalised lures (emails, QR codes, and co‑opted file shares) that consistently evade commercial filters and trick users into completing device code authentication flows on legitimate Microsoft endpoints. Because the user authenticates on a genuine Microsoft login page, the attacker's device receives OAuth tokens valid for up to 90 days, granting persistent, passwordless access without triggering MFA prompts. Daily volume surged after March 3, from dozens of attempts to hundreds.

Railway PaaS Abuse Enables Scalable Evasion

The infrastructure centres on Railway's developer PaaS, abused for its clean reputation and free tiers to host phishing pages and to replay stolen tokens via Cloudflare Workers, which bypasses Microsoft's risk‑based scoring. Huntress PM Rich Mozeleski described the "staggering volume and unprecedented effectiveness," attributing the campaign's distinctiveness to AI generation that varies domains, content, and tactics. A dozen IP addresses trace back to a small actor, but phishing‑as‑a‑service (PhaaS) kits such as EvilTokens, sold on Telegram since Feb 16, allow others to replicate the technique.

Railway banned the implicated accounts after Huntress' March 6 alert and introduced stricter vetting, an abuse pattern similar to earlier MailChimp/HubSpot exploits. Huntress proactively updated conditional access policies across 60,000 tenants to block Railway domains and IPs, an unprecedented scale, and its prototype tests confirmed that AI workflows drive the campaign's rapid iteration.

Enterprise Implications and Defensive Imperatives

Prof Prakash Ramamurthy, Huntress CPO, called AI the "crooks' first mover advantage," since synthetic identities and autonomous agents let low‑skill actors operate at nation‑state levels. Victims potentially number in the thousands; Huntress remediated breaches among its own clients after the fact.

Leaders must prioritise restricting the device code flow, monitoring for anomalous authentications, validating tokens, and assessing the risk of PaaS platforms. Amid the AI threat escalation of 2026, the campaign underscores the need for AI‑native threat intelligence and zero‑trust architectures to counter automated, evasive phishing.
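Two of those priorities in working form, as an added example that is not Huntress' or Microsoft's own code: a detector that flags device code sign‑ins in Entra ID sign‑in records (the `authenticationProtocol` field) and escalates when the source IP falls in a blocked PaaS range, plus a report‑only Conditional Access policy body that blocks the device code flow. The sample sign‑in records, the blocked CIDR, and the Graph `conditionalAccessPolicy` field names are assumptions for this example; confirm the policy shape against the Graph documentation before use.

```python
import ipaddress
import json

# Constructed sample sign-in events in the shape of Microsoft Graph signIn
# records; every value here is made up for this example.
SAMPLE_SIGNINS = """
{"userPrincipalName": "alice@example.com", "ipAddress": "203.0.113.10", "authenticationProtocol": "deviceCode", "createdDateTime": "2026-03-04T09:12:00Z"}
{"userPrincipalName": "bob@example.com", "ipAddress": "198.51.100.7", "authenticationProtocol": "oAuth2", "createdDateTime": "2026-03-04T09:13:00Z"}
{"userPrincipalName": "carol@example.com", "ipAddress": "192.0.2.44", "authenticationProtocol": "deviceCode", "createdDateTime": "2026-03-04T09:15:00Z"}
"""

# Placeholder CIDR standing in for the PaaS/CDN egress ranges an organisation
# has chosen to block; real ranges come from the provider or vendor intel.
BLOCKED_RANGES = [ipaddress.ip_network("192.0.2.0/24")]


def parse_signins(raw):
    """One JSON object per line -> list of dicts (blank lines skipped)."""
    return [json.loads(ln) for ln in raw.strip().splitlines() if ln.strip()]


def in_blocked_range(ip):
    return any(ipaddress.ip_address(ip) in net for net in BLOCKED_RANGES)


def flag_device_code_signins(signins):
    """One finding per device-code sign-in (rare for ordinary users, so always
    worth a look); escalated to high when the source IP is in a blocked range."""
    findings = []
    for s in signins:
        if s.get("authenticationProtocol") != "deviceCode":
            continue
        reasons, severity = ["device code flow used"], "medium"
        if in_blocked_range(s["ipAddress"]):
            reasons.append("source IP in blocked PaaS range")
            severity = "high"
        findings.append({"user": s["userPrincipalName"], "ip": s["ipAddress"],
                         "severity": severity, "reasons": reasons})
    return findings


def device_code_block_policy(name="Block device code flow"):
    """Conditional Access policy body (Graph conditionalAccessPolicy shape, assumed
    from the docs) blocking device code flow for all users; report-only at first."""
    return {
        "displayName": name,
        "state": "enabledForReportingButNotEnforced",
        "conditions": {
            "users": {"includeUsers": ["All"]},
            "applications": {"includeApplications": ["All"]},
            "authenticationFlows": {"transferMethods": "deviceCodeFlow"},
        },
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},
    }
```

Review the report-only sign-in impact (service accounts and headless devices sometimes rely on device code flow) before switching the policy state to "enabled".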
