Trends Report on Phishing Emails in January 2025

This report outlines the significant trends and statistics regarding phishing emails analyzed in January 2025, revealing tactics such as the use of HTML scripts, documents with hyperlinks, and VBA macros to exploit user credentials. The report further highlights specific cases involving malware distribution via phishing attacks and identifies recent trends in Korean phishing emails.

Affected: phishing emails, malware distribution, online security

Key points:

  • In January 2025, phishing emails predominantly featured attachments, including phishing scripts (48%).
  • Threat actors often use HTML scripts to replicate legitimate pages and collect user credentials.
  • Hyperlinks embedded in PDFs and other document formats are common methods for directing victims to phishing websites.
  • Trends reflect a focus on phishing emails written in Korean, with recognizable keywords identified in subject lines and attachment names.
  • Malware of the downloader type utilizes fake pages, while infostealer malware often comes with document attachments containing VBA macros.
  • Executable files compressed using AutoIt scripts are increasingly being spread through phishing emails.
  • The full ATIP report provides in-depth statistics on file extension distributions and specific phishing email case studies.

MITRE Techniques:

  • Phishing (T1566) – Threat actors use phishing emails containing scripts and links to collect user credentials.
  • Execution (T1203) – Malicious documents with embedded VBA macros execute harmful actions upon opening by the user.
  • Command and Control (T1071) – Phishing emails direct users to fake websites that connect to the threat actor’s command and control server.

Indicators of Compromise:



Full Story: https://asec.ahnlab.com/en/86345/