Full Report
Huntress researchers said it’s likely the victims in Railway’s customer set represent just a fraction of compromised organizations worldwide. Source: CyberScoop, "An AI-powered phishing campaign has compromised hundreds of organizations".
Analysis Summary
# Incident Report: AI-Powered Railway PaaS Phishing Campaign
## Executive Summary
A sophisticated phishing campaign leveraged the Railway Platform-as-a-Service (PaaS) and AI-generated lures to compromise Microsoft 365 accounts across hundreds of organizations. The attackers bypassed traditional security filters and multi-factor authentication (MFA) by exploiting Microsoft's device authentication flow to perform token replay attacks. While Huntress intervened for its customer base, the global scope of compromised victims is estimated to be in the thousands.
## Incident Details
- **Discovery Date:** March 6, 2026 (Initial contact with Railway)
- **Incident Date:** Early March 2026 – Ongoing (Significant escalation starting March 3)
- **Affected Organization:** 344+ confirmed organizations (via Huntress); thousands estimated globally.
- **Sector:** Multisector (Construction, Law, Nonprofits, Manufacturing, Finance, Healthcare, Government).
- **Geography:** Global.
## Timeline of Events
### Initial Access
- **Date/Time:** Early March 2026; "Massive increase" in volume on March 3, 2026.
- **Vector:** Phishing via AI-generated emails, QR codes, and co-opted file-share sites hosted on Railway infrastructure.
- **Details:** Attackers used Railway’s infrastructure to host credential harvesting pages. Lures were unique (no identical domains/emails), suggesting AI generation to evade signature-based detection.
### Lateral Movement
- **Details:** Not explicitly detailed in the report, but the capture of OAuth tokens allowed for persistent, passwordless access to the victim's Microsoft cloud environment.
### Data Exfiltration/Impact
- **Details:** The primary impact was the compromise of Microsoft 365 cloud accounts. Valid OAuth tokens were stolen, providing up to 90 days of access without requiring MFA or passwords.
### Detection & Response
- **How it was discovered:** Huntress researchers identified a surge in identity-based alerts and traced the traffic back to Railway infrastructure.
- **Response actions taken:** Huntress implemented a blanket conditional access policy blocking emails from Railway domains for 60,000 tenants; Railway banned associated accounts and blocked three domains starting March 6.
## Attack Methodology
- **Initial Access:** Phishing (Email, QR codes, bespoke file-sharing links).
- **Persistence:** OAuth Token Replay (tokens valid for up to 90 days).
- **Privilege Escalation:** Not specified, but token theft grants the permissions of the compromised user.
- **Defense Evasion:** AI-generated unique lures/domains to bypass spam filters; use of legitimate Railway.com infrastructure to establish "reputational" trust.
- **Credential Access:** Exploitation of Microsoft’s device authentication flow (used for smart TVs/printers) to intercept tokens.
- **Discovery:** Not specified.
- **Lateral Movement:** Token-based access to M365 resources.
- **Collection:** Potential access to all M365 data (Emails, SharePoint, OneDrive).
- **Exfiltration:** Potential data theft (actions largely prevented for Huntress customers).
- **Impact:** Identity compromise and unauthorized cloud account access.
## Impact Assessment
- **Financial:** Unknown; potential for Business Email Compromise (BEC) related fraud.
- **Data Breach:** Compromise of hundreds of M365 tenants; volume of data stolen is currently unquantified.
- **Operational:** Disruption due to account lockdowns and remediation efforts.
- **Reputational:** Significant for the hosting provider (Railway) and affected legal/healthcare entities.
## Indicators of Compromise
- **Network indicators:** Traffic originating from Railway.com IP infrastructure (e.g., approximately 12 specific IP addresses identified by Huntress).
- **File indicators:** Bespoke AI-generated phishing templates and PDF/HTML lures.
- **Behavioral indicators:** Unusual device registration requests; OAuth token requests from unexpected IP addresses; logins bypassing MFA via device flow.
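The behavioral indicators above (device-flow sign-ins, token requests from unexpected addresses) can be checked directly against Entra ID sign-in logs. The script below is an added example written for this report, not Huntress's or Railway's own tooling: it triages device code sign-ins by outcome and by whether the source address is inside the organization's trusted networks. The record layout follows the Microsoft Graph `signIn` schema (`authenticationProtocol`, `ipAddress`, `status.errorCode`) as an assumption; the sample entries and the trusted network range are constructed for the example.

```python
import ipaddress

# Constructed sample records shaped like Microsoft Entra ID sign-in log entries
# as returned by the Graph signIn resource (field names are an assumption drawn
# from that schema; every value here is invented for the example).
SAMPLE_SIGNINS = [
    {"createdDateTime": "2026-03-03T09:12:44Z", "userPrincipalName": "alice@example.test",
     "ipAddress": "203.0.113.7", "appDisplayName": "Microsoft Office",
     "authenticationProtocol": "deviceCode", "status": {"errorCode": 0}},
    {"createdDateTime": "2026-03-03T09:15:02Z", "userPrincipalName": "bob@example.test",
     "ipAddress": "198.51.100.4", "appDisplayName": "Outlook",
     "authenticationProtocol": "oAuth2", "status": {"errorCode": 0}},
    {"createdDateTime": "2026-03-03T09:20:11Z", "userPrincipalName": "carol@example.test",
     "ipAddress": "198.51.100.9", "appDisplayName": "Microsoft Teams",
     "authenticationProtocol": "deviceCode", "status": {"errorCode": 0}},
    {"createdDateTime": "2026-03-03T09:21:00Z", "userPrincipalName": "dave@example.test",
     "ipAddress": "203.0.113.8", "appDisplayName": "Microsoft Office",
     "authenticationProtocol": "deviceCode", "status": {"errorCode": 50126}},  # constructed failed attempt
]

# Egress ranges the organisation considers its own (constructed placeholder range).
TRUSTED_NETWORKS = [ipaddress.ip_network("198.51.100.0/24")]


def is_trusted(ip, networks):
    """True when the source address falls inside one of the trusted networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)


def flag_device_code_signins(records, trusted_networks):
    """Return one finding per device code sign-in, triaged by outcome and source.

    high   : completed device code sign-in from outside trusted networks
             (the token-replay pattern described in the report)
    medium : completed device code sign-in from a trusted network (verify the
             business need; smart TVs and printers are the usual legitimate case)
    low    : failed device code attempt, kept for correlation with later successes
    """
    findings = []
    for rec in records:
        if rec.get("authenticationProtocol") != "deviceCode":
            continue
        succeeded = rec.get("status", {}).get("errorCode", 0) == 0
        trusted = is_trusted(rec["ipAddress"], trusted_networks)
        if succeeded and not trusted:
            severity, reason = "high", "device code sign-in completed from untrusted network"
        elif succeeded:
            severity, reason = "medium", "device code sign-in completed from trusted network"
        else:
            severity, reason = "low", "device code sign-in attempt failed"
        findings.append({
            "time": rec["createdDateTime"],
            "user": rec["userPrincipalName"],
            "ip": rec["ipAddress"],
            "app": rec.get("appDisplayName"),
            "severity": severity,
            "reason": reason,
        })
    return findings


def users_needing_token_revocation(findings):
    """Accounts to revoke sessions for first: every high-severity hit."""
    return sorted({f["user"] for f in findings if f["severity"] == "high"})


if __name__ == "__main__":
    hits = flag_device_code_signins(SAMPLE_SIGNINS, TRUSTED_NETWORKS)
    for f in hits:
        print(f"[{f['severity']:6}] {f['time']} {f['user']} from {f['ip']} ({f['app']}): {f['reason']}")
    print("revoke sessions for:", users_needing_token_revocation(hits))
```

Run against an export of the tenant's sign-in logs, the high-severity list is the set of accounts whose refresh tokens and sessions should be revoked first, since a stolen token stays valid for up to 90 days regardless of a password reset.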
## Response Actions
- **Containment:** Blocking of Railway infrastructure at the tenant level; Railway banning fraudulent accounts.
- **Eradication:** Revocation of compromised OAuth tokens and sessions.
- **Recovery:** Implementing stricter Conditional Access Policies (CAPs).
## Lessons Learned
- **Key takeaways:** Attackers are successfully leveraging AI to achieve scale and variety that defeats traditional "static" email filters.
- **Platform Abuse:** Free-tier cloud PaaS offerings remain a high-value target for hosting malicious infrastructure because of the inherent trust associated with their domains.
- **Protocol Weakness:** The Microsoft device code flow remains a significant "blind spot" for organizations that have not restricted its use through conditional access.
## Recommendations
- **Restrict Device Code Flow:** Organizations should disable or strictly limit the Microsoft device authentication flow via Conditional Access policies if not required for business operations.
- **Monitor OAuth Permissions:** Regularly audit enterprise applications and user-consented permissions within M365.
- **Infrastructure Vetting:** Providers like Railway should implement stricter vetting for free-trial users and monitor for high-volume outbound mail/infrastructure spikes.
- **Adaptive Filtering:** Shift from signature-based email security to behavioral/AI-based filtering that can detect "vibe-coded" or anomalous language patterns.
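For the "Restrict Device Code Flow" recommendation, the script below is an added example (not from the report, Huntress or Railway) that builds the Conditional Access policy body that blocks the device code flow for all users and cloud apps, and audits a list of existing policies to tell whether such a block is already enforced. The body follows the Microsoft Graph `conditionalAccessPolicy` schema (`conditions.authenticationFlows.transferMethods`, `grantControls.builtInControls`) as an assumption; the existing policies and the break-glass account id are constructed for the example.

```python
import json


def build_block_device_code_policy(display_name="Block device code flow",
                                   exclude_users=None,
                                   state="enabledForReportingButNotEnforced"):
    """Return a Graph conditionalAccessPolicy body that blocks the OAuth 2.0
    device code flow for all users and all cloud apps.

    The policy starts in report-only mode so sign-in logs can reveal any
    legitimate device code use (conference-room devices, printers) before it
    is switched to "enabled".
    """
    return {
        "displayName": display_name,
        "state": state,
        "conditions": {
            "users": {"includeUsers": ["All"], "excludeUsers": list(exclude_users or [])},
            "applications": {"includeApplications": ["All"]},
            "clientAppTypes": ["all"],
            "authenticationFlows": {"transferMethods": "deviceCodeFlow"},
        },
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},
    }


def policy_blocks_device_code(policy):
    """True only for an *enforced* policy that blocks device code flow tenant-wide.

    A report-only policy, a policy scoped to some users, or a policy that only
    requires MFA on device code flow does not count as coverage.
    """
    if policy.get("state") != "enabled":
        return False
    cond = policy.get("conditions") or {}
    methods = (cond.get("authenticationFlows") or {}).get("transferMethods") or ""
    if "deviceCodeFlow" not in [m.strip() for m in methods.split(",")]:
        return False
    grant = policy.get("grantControls") or {}
    if "block" not in (grant.get("builtInControls") or []):
        return False
    users = cond.get("users") or {}
    if "All" not in (users.get("includeUsers") or []):
        return False
    apps = cond.get("applications") or {}
    return "All" in (apps.get("includeApplications") or [])


def audit_policies(policies):
    """Summarise whether any policy in the tenant closes the device code gap."""
    blocking = [p["displayName"] for p in policies if policy_blocks_device_code(p)]
    return {"covered": bool(blocking), "blocking_policies": blocking}


# Constructed examples of policies a tenant might already have; neither closes the gap.
SAMPLE_EXISTING_POLICIES = [
    {"displayName": "Require MFA for all users", "state": "enabled",
     "conditions": {"users": {"includeUsers": ["All"]},
                    "applications": {"includeApplications": ["All"]}},
     "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
    {"displayName": "Block device code flow (pilot)", "state": "enabledForReportingButNotEnforced",
     "conditions": {"users": {"includeUsers": ["All"]},
                    "applications": {"includeApplications": ["All"]},
                    "authenticationFlows": {"transferMethods": "deviceCodeFlow"}},
     "grantControls": {"operator": "OR", "builtInControls": ["block"]}},
]

BREAK_GLASS_ACCOUNT_ID = "00000000-0000-0000-0000-000000000000"  # placeholder, constructed

if __name__ == "__main__":
    print("before:", audit_policies(SAMPLE_EXISTING_POLICIES))
    new_policy = build_block_device_code_policy(exclude_users=[BREAK_GLASS_ACCOUNT_ID], state="enabled")
    print(json.dumps(new_policy, indent=2))
    print("after: ", audit_policies(SAMPLE_EXISTING_POLICIES + [new_policy]))
```

The generated body is what an administrator would POST to `https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies` with the `Policy.ReadWrite.ConditionalAccess` permission; the audit function is deliberately strict, treating report-only or partially scoped policies as no coverage, because a device code flow left open for even a subset of users is exactly the blind spot the campaign exploited.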