A large-scale phishing operation linked to the AI-enabled cloud hosting platform Railway has enabled cybercriminals to infiltrate Microsoft cloud accounts belonging to hundreds of organizations, according to findings by Huntress.
Rich Mozeleski, a product manager on Huntress’ identity team, revealed that the activity appears to be associated with a relatively small threat actor operating from roughly a dozen IP addresses. Despite its size, the campaign has successfully compromised hundreds of targets in recent weeks.
The attack initially impacted a few dozen organizations daily in early March, but activity surged sharply beginning March 3. Mozeleski noted that the campaign stood out due to its sophistication and variability—no two phishing emails or domains were identical. This led researchers to suspect the use of artificial intelligence tools to generate customized phishing content. The lures included a mix of conventional email tactics, QR codes, and hijacked file-sharing platforms.
“Just the amount of it was like Pandora’s Box had opened, and the efficacy was just through the roof,” Mozeleski said.
The attackers leveraged a weakness in Microsoft’s device authentication process—commonly used by smart TVs, printers, and terminals—to obtain valid OAuth tokens. These tokens can grant access to accounts for up to 90 days without requiring passwords or multi-factor authentication.
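The weakness described above is the OAuth device authorization (device code) flow. As an added example, not from Huntress or this article, here is a defender-side check over constructed Entra ID sign-in records: it flags successful device-code sign-ins from outside an assumed set of trusted networks, the trace a phished device-code grant leaves. The record shape follows the Microsoft Graph signIn object (the authenticationProtocol field is real); the trusted ranges and every sample value are assumptions.

```python
import ipaddress
import json

# Constructed sample records shaped like Microsoft Graph signIn objects.
# authenticationProtocol == "deviceCode" marks the OAuth device authorization
# grant; status.errorCode == 0 is a successful sign-in. All values are made up.
SAMPLE_SIGNINS_JSON = """
[
 {"createdDateTime": "2025-03-04T09:12:00Z", "userPrincipalName": "alice@example.test",
  "ipAddress": "203.0.113.10", "authenticationProtocol": "deviceCode",
  "appDisplayName": "Microsoft Office", "status": {"errorCode": 0}},
 {"createdDateTime": "2025-03-04T09:15:00Z", "userPrincipalName": "bob@example.test",
  "ipAddress": "10.20.0.5", "authenticationProtocol": "deviceCode",
  "appDisplayName": "Microsoft Teams", "status": {"errorCode": 0}},
 {"createdDateTime": "2025-03-04T09:20:00Z", "userPrincipalName": "carol@example.test",
  "ipAddress": "203.0.113.10", "authenticationProtocol": "authorizationCodeFlow",
  "appDisplayName": "Outlook", "status": {"errorCode": 0}},
 {"createdDateTime": "2025-03-04T09:30:00Z", "userPrincipalName": "dave@example.test",
  "ipAddress": "198.51.100.7", "authenticationProtocol": "deviceCode",
  "appDisplayName": "Microsoft Office", "status": {"errorCode": 50126}}
]
"""

# Hypothetical corporate ranges where device-code sign-ins (TVs, printers,
# terminals) are expected; anything else deserves a look.
TRUSTED_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]


def find_suspicious_device_code_signins(signins_json, trusted_networks=TRUSTED_NETWORKS):
    """Return successful device-code sign-ins originating outside trusted networks.

    Only successful grants matter: they are the ones that hand the phisher a
    token usable for up to 90 days without a password or MFA prompt.
    """
    hits = []
    for rec in json.loads(signins_json):
        if rec.get("authenticationProtocol") != "deviceCode":
            continue
        if rec.get("status", {}).get("errorCode", 0) != 0:
            continue  # failed attempt: no token was issued
        addr = ipaddress.ip_address(rec["ipAddress"])
        if any(addr in net for net in trusted_networks):
            continue
        hits.append({"user": rec["userPrincipalName"], "ip": rec["ipAddress"],
                     "app": rec["appDisplayName"], "time": rec["createdDateTime"]})
    return hits


if __name__ == "__main__":
    for h in find_suspicious_device_code_signins(SAMPLE_SIGNINS_JSON):
        print(f"REVIEW device-code sign-in: {h['user']} from {h['ip']} via {h['app']} at {h['time']}")
```

In practice the input comes from a sign-in log export; each flagged user's sessions should be reviewed and their refresh tokens revoked, since the token, not the password, is what the attacker holds.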
While Huntress reported that hundreds of its customers were deceived by the phishing attempts, the firm stated it successfully blocked any follow-on malicious activity. However, researchers believe these cases likely represent only a fraction of the total victims, which could reach into the thousands.
Organizations affected span a wide range of industries, including construction, legal services, nonprofits, real estate, manufacturing, finance, healthcare, and public sector entities. Huntress identified at least 344 impacted organizations in a detailed report.
To mitigate the threat, Huntress deployed a conditional access policy update across 60,000 Microsoft cloud tenants, specifically targeting emails originating from Railway-related domains. Mozeleski described this step as “not anything we’ve ever done before.”
Weaponizing Cloud Infrastructure with AI
Investigators believe the attackers abused Railway’s Platform-as-a-Service offering—designed to help users build applications without coding expertise—to rapidly create phishing infrastructure for credential harvesting.
By using compromised domains and generating highly tailored phishing messages, the attackers were able to evade traditional email security filters. All observed attacks were traced back to Railway’s IP infrastructure, though it remains unclear whether Railway’s native AI tools or external solutions were used to craft the phishing content.
Responding to the incident, Railway solutions engineer Angelo Saraceno confirmed that the company took action after being alerted by Huntress on March 6. “The associated accounts were banned and the domains were blocked,” Saraceno said.
“Our heuristics are built to catch correlations: repeated credit cards, shared code sources, overlapping infrastructure,” he wrote in an email. “When a campaign avoids those signals, it gets further than we’d like.”
Saraceno emphasized that fraud detection requires balancing security enforcement with minimizing false positives, referencing a prior February incident where system tuning caused customer disruptions.
Despite mitigation efforts, Mozeleski stated that Huntress continued to detect over 50 daily compromises tied to Railway-hosted phishing domains. He suggested that stronger vetting processes—especially for free-tier users—could help prevent such abuse, drawing comparisons to platforms like Mailchimp and HubSpot that enforce stricter usage controls.
“Do not allow anybody to come in, start a trial, spin up resources, and start using your infrastructure” for cyberattacks, he said.
A notable aspect of this campaign is the use of AI-powered infrastructure typically associated with advanced or state-backed threat actors, now being deployed for relatively routine phishing schemes. This shift highlights growing concerns among cybersecurity experts about the democratization of powerful attack tools.
Experts warn that lower-tier cybercriminals, often referred to as “script kiddies,” may benefit significantly from generative AI technologies. John Hultquist recently noted that such tools are likely to empower smaller cybercriminal groups even more than state-sponsored actors.
Meanwhile, promotional material from Railway highlights features such as “vertical auto-scale out of the box” and the ease of deploying self-hosted tools—capabilities that may inadvertently aid malicious use.
“We are seeing crooks as the first movers of AI,” said Prakash Ramamurthy, chief product officer at Huntress. “They don’t have any qualms about PII, they don’t have any qualms about model training … and this incident, just in the sheer pace at which it has evolved, is kind of a testament to that.”
