AI-Powered Phishing Campaign Breaches Hundreds of Organizations Worldwide

  • Mar 24
  • 3 min read

Key Findings


  • Hundreds of organizations compromised through AI-generated phishing campaign leveraging Railway cloud platform

  • Attackers achieved massive scale increase starting March 3, with 50+ new compromises daily as of late March

  • Campaign exploits Microsoft device authentication flow, granting 90-day OAuth tokens without passwords or MFA

  • Affected sectors include construction, law, nonprofits, real estate, manufacturing, finance, healthcare, and government

  • Huntress identified only 344 confirmed victims but believes actual compromise count likely reaches thousands

  • All observed attacks routed through Railway.com infrastructure, suggesting coordinated use of platform-as-a-service for credential harvesting


Background


In early March 2026, Huntress researchers identified a phishing campaign that rapidly escalated from affecting dozens of targets daily to compromising hundreds of organizations within weeks. The campaign's sophistication stood out immediately. Rather than relying on mass-produced templates, the attackers generated unique phishing emails for each target, leading researchers to conclude AI tools were being used to create tailored lures at scale. The diversity and volume of custom content overwhelmed traditional email filtering defenses.


Campaign Mechanics and Exploitation Method


The attackers weaponized Railway's platform-as-a-service infrastructure to host credential harvesting sites and distribute phishing emails. By rotating through compromised domains and IP addresses within Railway's network, the campaign avoided detection by email filters that typically flag identical messages or domains.


The actual exploit targets a weakness in Microsoft's authentication flow for peripheral devices like smart TVs and printers. When users fall for the phishing lure and complete the fake authentication, attackers receive valid OAuth tokens tied to the victim's account. These tokens remain valid for up to 90 days without requiring passwords or multifactor authentication—a significant security gap that allowed attackers to maintain persistent access long after the initial compromise.
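The flow described above is the OAuth 2.0 device authorization grant, in which the user types a short code into a browser while the token is issued to whichever client requested the code. From the defender's side, the useful signal is therefore a successful device-code sign-in, especially one recorded from an address the user has never used for an ordinary sign-in. The following Python is an added example, not code from the article, Huntress or Railway: it parses constructed sign-in records shaped like Microsoft Entra ID sign-in log entries (the field `authenticationProtocol` with value `deviceCode` is a real log field; the users, addresses and timestamps are made up), flags device-code sign-ins, and computes the 90-day review window the article attributes to the resulting tokens.

```python
"""Flag OAuth device-code sign-ins in Entra ID style sign-in logs.

Added example (not from the article, Huntress or Railway). The records below
are constructed; field names follow the Entra ID sign-in log schema, but the
users, addresses and timestamps are invented.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Token lifetime the article attributes to tokens obtained through the flow.
TOKEN_LIFETIME_DAYS = 90

# Constructed sample (JSON lines). alice completes a device-code sign-in from
# an address she has never used; bob does so from his usual address; carol's
# attempt fails (non-zero errorCode) and is ignored.
SAMPLE_SIGNIN_LOG = """\
{"createdDateTime": "2026-03-10T08:02:11Z", "userPrincipalName": "alice@example.test", "authenticationProtocol": "none", "ipAddress": "203.0.113.10", "status": {"errorCode": 0}}
{"createdDateTime": "2026-03-10T09:15:40Z", "userPrincipalName": "alice@example.test", "authenticationProtocol": "deviceCode", "ipAddress": "198.51.100.77", "status": {"errorCode": 0}}
{"createdDateTime": "2026-03-10T09:20:02Z", "userPrincipalName": "bob@example.test", "authenticationProtocol": "none", "ipAddress": "203.0.113.11", "status": {"errorCode": 0}}
{"createdDateTime": "2026-03-11T10:05:30Z", "userPrincipalName": "bob@example.test", "authenticationProtocol": "deviceCode", "ipAddress": "203.0.113.11", "status": {"errorCode": 0}}
{"createdDateTime": "2026-03-11T11:00:00Z", "userPrincipalName": "carol@example.test", "authenticationProtocol": "deviceCode", "ipAddress": "198.51.100.78", "status": {"errorCode": 50126}}
"""


def parse_signin_log(text):
    """Parse JSON-lines sign-in records, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def interactive_ips_by_user(records):
    """Addresses each user has used for successful non-device-code sign-ins."""
    known = defaultdict(set)
    for r in records:
        if r["authenticationProtocol"] != "deviceCode" and r["status"]["errorCode"] == 0:
            known[r["userPrincipalName"]].add(r["ipAddress"])
    return known


def find_device_code_signins(records):
    """Return one finding per successful device-code sign-in.

    A device-code sign-in recorded from an address the user has never used
    for an ordinary sign-in is rated high; one from a known address is rated
    medium and still worth a look. review_by is the date by which the token
    would have expired on its own, i.e. the window during which revoking the
    user's refresh tokens actually removes access.
    """
    known = interactive_ips_by_user(records)
    findings = []
    for r in records:
        if r["authenticationProtocol"] != "deviceCode" or r["status"]["errorCode"] != 0:
            continue
        user, ip = r["userPrincipalName"], r["ipAddress"]
        issued = datetime.fromisoformat(r["createdDateTime"].replace("Z", "+00:00"))
        new_ip = ip not in known[user]
        findings.append({
            "user": user,
            "ip": ip,
            "issued": issued,
            "new_ip": new_ip,
            "severity": "high" if new_ip else "medium",
            "review_by": issued + timedelta(days=TOKEN_LIFETIME_DAYS),
        })
    return findings


if __name__ == "__main__":
    for f in find_device_code_signins(parse_signin_log(SAMPLE_SIGNIN_LOG)):
        print(f"{f['severity']:6} {f['user']} from {f['ip']} at {f['issued']:%Y-%m-%d %H:%M} "
              f"(token could live until {f['review_by']:%Y-%m-%d})")
```

In a real tenant the same logic runs over exported sign-in logs; the point of the severity split is that device-code sign-ins are rare enough in most organisations that every one deserves review, and a first-seen address turns a curiosity into an incident. Revoking the user's refresh tokens, not just resetting the password, is what closes the window the article describes.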


AI-Driven Lure Generation


The phishing templates varied dramatically across the campaign. Some emails mimicked traditional business communications, while others incorporated QR codes or impersonated legitimate file-sharing services. This diversity was the campaign's defining characteristic. Huntress researcher Rich Mozeleski described the moment of discovery as "Pandora's Box had opened," emphasizing both the volume and effectiveness of the varied lures.


The campaign's unusual sophistication raised questions about how a relatively small threat actor operating from approximately a dozen IP addresses could scale such a complex operation. The answer appears to be AI automation, though researchers couldn't definitively confirm whether attackers used Railway's own AI tools or brought in external generative AI capabilities.


Victim Demographics and Scale


Huntress confirmed 344 victims across diverse sectors. The affected organizations included construction and trade companies, law firms, nonprofits, real estate agencies, manufacturers, financial institutions, insurance companies, healthcare providers, and government and public safety agencies. The geographic and sectoral spread suggests indiscriminate targeting rather than industry-specific espionage.


However, Huntress emphasized that their confirmed cases likely represent a fraction of actual compromises. The researcher suggested thousands of organizations could have been affected worldwide, with many potentially unaware of their compromise.


Response and Containment Efforts


Huntress took an unprecedented step in response to the campaign, issuing a conditional access policy update to 60,000 Microsoft cloud tenants on March 19. The policy blocks emails originating from Railway domains, an action the company described as something they had never attempted before.


Railway acknowledged the incident after being contacted by Huntress on March 6. The platform subsequently banned associated accounts and blocked the identified phishing domains. However, the company's fraud detection systems initially failed to catch the campaign because the attackers deliberately avoided patterns their heuristics monitor—such as repeated credit cards, shared code sources, or overlapping infrastructure.


Platform Vulnerabilities and Prevention


Railway's fraud detection operates as a balancing act between catching malicious activity and avoiding false positives. A February incident demonstrated the risk: aggressive fine-tuning of automated abuse enforcement caused a customer outage. This constraint left room for sophisticated attackers to operate.


Mozeleski suggested Railway could strengthen defenses by implementing validation and oversight on free trial accounts, similar to safeguards used by platforms like MailChimp and HubSpot. These competitors prevent users from immediately spinning up resources and launching campaigns at scale without additional verification.


Broader Implications


The campaign highlights how AI tools in the hands of less-sophisticated threat actors can replicate attack methodologies previously associated with nation-states or advanced criminal groups. Traditional script kiddies now have access to automation capabilities that enable them to conduct phishing operations with enterprise-grade sophistication.


Sources


  • https://cyberscoop.com/huntress-railway-ai-phishing-campaign-compromised-hundreds-of-organizations/

  • https://x.com/CyberScoopNews/status/2036134012108898644

  • https://www.facebook.com/cyberscoop/posts/an-ai-powered-phishing-campaign-has-compromised-hundreds-of-organizations/1483544210437371/

  • https://www.linkedin.com/posts/cyberscoop_an-ai-powered-phishing-campaign-has-compromised-activity-7441899705866862592-cVbt

  • https://www.socdefenders.ai/item/1e5be4c4-7629-4b71-b691-ecef2b6b8803

© 2025 by Explain IT Again.