AI-powered phishing campaign compromises hundreds of organizations

Researchers warn that generative AI is helping lower-tier attackers launch credential theft campaigns at a speed and scale previously associated with state-sponsored groups.

What happened

A phishing campaign using Railway, a cloud-hosting platform designed to help non-developers build and deploy web tools, has compromised Microsoft cloud accounts across hundreds of organizations, according to researchers cited by CyberScoop. The campaign exploits Microsoft's device code authentication flow, a login method designed for devices such as smart TVs and printers that cannot easily display a sign-in page. When victims are tricked into completing the authentication step, attackers receive valid OAuth tokens, which are digital access credentials, granting account access for up to 90 days without requiring a password or multi-factor authentication. Researchers said the campaign began compromising a few dozen targets per day in early March 2026 before accelerating sharply from March 3, with no identical emails or domains used across attacks, leading researchers to suspect the lures were generated using artificial intelligence tools.

Going deeper

The affected organizations span construction, law, real estate, manufacturing, finance, insurance, healthcare, and government. Researchers identified 344 confirmed victims, but said that likely only represents a fraction of the total. The total victim count may reach into the thousands. What made the campaign unusual beyond its scale was the quality of its lures. Templates ranged from traditional email formats to QR codes and co-opted file-sharing sites, with researchers saying it was as if "Pandora's Box had opened." Railway's infrastructure was abused to spin up credential-harvesting pages using compromised domains, allowing phishing emails to bypass most commercial email filtering solutions because traffic appeared to originate from a legitimate cloud platform. Railway said it became aware of the campaign on March 6 after being contacted by researchers, confirmed that the associated accounts were banned and domains blocked, and acknowledged that its fraud detection systems face a balance between catching abuse and avoiding false positives.

What was said

Rich Mozeleski, product manager for the researchers' identity team, told CyberScoop that the campaign was "not anything we've ever done before" after his organization issued a conditional access policy update to 60,000 Microsoft cloud tenants to block emails originating from Railway domains. Prakash Ramamurthy, chief product officer at the same organization, said, "We are seeing crooks as the first movers of AI. They don't have any qualms about PII, they don't have any qualms about model training … and this incident, just in the sheer pace at which it has evolved, is kind of a testament to that." The statements were made to CyberScoop on March 23, 2026.

In the know

The Railway campaign is part of a broader wave of AI-assisted phishing operations exploiting cloud platform infrastructure. According to The Hacker News, attackers were previously documented using Vercel's v0 AI tool, a platform that generates web pages from simple text prompts, to rapidly build convincing replica login pages impersonating multiple brands. Researchers noted that the platform "allows emerging threat actors to rapidly produce high-quality, deceptive phishing pages, increasing the speed and scale of their operations," and that attackers also hosted supporting resources such as company logos on Vercel's infrastructure to further abuse platform trust and avoid detection. The pattern in both campaigns is identical: use legitimate cloud infrastructure to generate and host phishing content at scale, stripping away the technical barriers that previously limited how quickly an attacker could build and deploy a convincing campaign.

The big picture

Generative AI is lowering the barrier to entry for phishing operations that were once only achievable by sophisticated criminal groups. According to The Hacker News, the Europol-led takedown of the Tycoon 2FA phishing-as-a-service platform in March 2026 revealed the scale of what automated phishing infrastructure can achieve, with the service having facilitated unauthorized access to nearly 100,000 organizations globally, including hospitals and schools, while generating tens of millions of emails per month. Despite the disruption, Europol noted that "99% of organizations experienced account takeover attempts in 2025, and 67% experienced a successful account takeover," with 59 percent of taken-over accounts having MFA enabled. For healthcare organizations, the risk is compounded by an internal threat running alongside the external one. According to Paubox's Shadow AI report, 95 percent of healthcare organizations report staff are already using AI tools for work, yet 25 percent have not formally approved any staff AI email use, and 75 percent of IT leaders believe their staff assumes tools like Microsoft Copilot are automatically HIPAA compliant. As attackers accelerate their use of AI to generate more convincing and more frequent lures, organizations that have not established clear governance over their own use of AI face compounding exposure on both fronts.

FAQs

What is device code phishing?

Device code phishing exploits a legitimate Microsoft authentication flow designed for devices that cannot display a traditional login page. Attackers trick victims into completing the authentication step, which generates OAuth tokens granting the attacker persistent account access for up to 90 days, even if the victim later changes their password.

What is an OAuth token, and why is it valuable to attackers?

An OAuth token is a digital credential that allows access to an account or service without requiring a password to be entered each time. When attackers obtain a valid token through phishing, they can access the victim's email, files, and connected services until the token is explicitly revoked, making password resets alone insufficient to remove their access.

Why did commercial email filters fail to block this campaign?

The phishing emails were routed through Railway's legitimate cloud infrastructure, meaning traffic appeared to originate from a trusted platform. Combined with AI-generated lures that used no identical emails or domains across attacks, the campaign avoided the pattern-matching and reputation-based detection that most email security tools rely on.

Why is healthcare particularly exposed to this type of attack?

Healthcare organizations depend heavily on Microsoft 365, which accounted for 53 percent of breached organizations in 2025, according to the Paubox 2026 Healthcare Email Security Report. Many healthcare environments also have staff using unsanctioned AI tools without IT oversight, creating additional pathways for credential exposure.

What steps can organizations take to reduce risk from device code phishing?

Organizations should implement conditional access policies that block device code authentication flows where they are not operationally required, enforce phishing-resistant multi-factor authentication, monitor for unusual OAuth token activity, and revoke active sessions promptly when a compromise is suspected.
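As an added illustration of the device-code flow described in the first FAQ answer and the "monitor for unusual OAuth token activity" step in the last one (example code written for this page, not from Paubox or the researchers), the Python below scans constructed Microsoft Entra sign-in records for successful device-code grants outside an allowlist of apps expected to use the flow and notes whether the sign-in country differs from the user's other sign-ins. It assumes the Microsoft Graph signIn field names shown and a tenant-specific app allowlist; the sample records, addresses and app names are made up.

```python
"""Flag device-code sign-ins worth reviewing in Microsoft Entra sign-in records."""
import json
from collections import defaultdict

# Apps that legitimately use the device code flow in this hypothetical tenant
# (e.g. meeting-room hardware); any other app using the flow gets reviewed.
EXPECTED_DEVICE_CODE_APPS = {"Meeting Room Console"}

# Constructed sample records with made-up values; key names follow the Microsoft
# Graph signIn resource (authenticationProtocol "deviceCode" marks the flow).
SAMPLE_SIGNINS_JSON = """[
 {"createdDateTime":"2026-03-04T08:55:00Z","userPrincipalName":"a.jones@example.com",
  "authenticationProtocol":"oAuth2","ipAddress":"203.0.113.10","location":{"countryOrRegion":"US"},
  "appDisplayName":"Microsoft Teams","status":{"errorCode":0}},
 {"createdDateTime":"2026-03-04T09:12:00Z","userPrincipalName":"a.jones@example.com",
  "authenticationProtocol":"deviceCode","ipAddress":"198.51.100.77","location":{"countryOrRegion":"NL"},
  "appDisplayName":"Microsoft Office","status":{"errorCode":0}},
 {"createdDateTime":"2026-03-04T10:02:00Z","userPrincipalName":"room-1@example.com",
  "authenticationProtocol":"deviceCode","ipAddress":"203.0.113.55","location":{"countryOrRegion":"US"},
  "appDisplayName":"Meeting Room Console","status":{"errorCode":0}},
 {"createdDateTime":"2026-03-04T10:30:00Z","userPrincipalName":"b.lee@example.com",
  "authenticationProtocol":"deviceCode","ipAddress":"198.51.100.90","location":{"countryOrRegion":"NL"},
  "appDisplayName":"Microsoft Office","status":{"errorCode":50126}}
]"""


def find_suspicious_device_code_signins(records):
    """Return review findings for successful device-code grants from unexpected apps."""
    # Countries seen in each user's non-device-code sign-ins, used as a rough baseline.
    countries_by_user = defaultdict(set)
    for r in records:
        if r.get("authenticationProtocol") != "deviceCode":
            countries_by_user[r["userPrincipalName"]].add(r["location"]["countryOrRegion"])
    findings = []
    for r in records:
        if r.get("authenticationProtocol") != "deviceCode" or r["status"]["errorCode"] != 0:
            continue  # not a device-code grant, or the grant failed so no token was issued
        if r["appDisplayName"] in EXPECTED_DEVICE_CODE_APPS:
            continue  # app is expected to use the flow in this tenant
        user, country = r["userPrincipalName"], r["location"]["countryOrRegion"]
        known = countries_by_user.get(user, set())
        findings.append({
            "user": user, "time": r["createdDateTime"], "ip": r["ipAddress"], "app": r["appDisplayName"],
            "reason": "successful device-code sign-in from an app not expected to use the flow",
            "new_country": bool(known) and country not in known,  # differs from user's other sign-ins
        })
    return findings


def scan_json(text):
    """Parse a JSON array of sign-in records and return the findings."""
    return find_suspicious_device_code_signins(json.loads(text))
```

Each finding identifies a user whose sessions and refresh tokens are candidates for prompt revocation, which the last FAQ answer lists as the response step once a compromise is suspected.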
