August 2025 Trends Report on Phishing Emails
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY :
The analysis reveals that phishing was the predominant threat in email attachments during August 2025, accounting for 63% of cases. Threat actors employed HTML scripts to replicate legitimate login pages and promotional content, aiming to capture user credentials. The report highlights an increase in malware distribution through document files exploiting vulnerabilities, such as the Equation Editor EQNEDT32.EXE vulnerability (CVE-2017-11882), leading to Purecrypter malware execution. Additionally, there's a rising trend in distributing PE files compressed in ZIP formats via phishing emails. The analysis covers Korean language phishing emails, providing insights into commonly used keywords and attachment types. The report also includes statistics on attachment file extensions and distribution trends over the past six months.
OPENCTI LABELS :
phishing,malware,fakepage,purecrypter,cve-2017-11882,email attachments,script attachments,korean language
AI COMMENTARY :
1. Report Overview: The August 2025 Trends Report on Phishing Emails delivers a comprehensive examination of the most prevalent email-borne threats observed during August 2025, highlighting key tactics and emerging trends in threat intelligence.
2. Phishing as the Dominant Threat: Phishing emails accounted for 63% of all malicious email attachments in August, employing sophisticated HTML scripts that replicate legitimate login pages and promotional content to deceive users and harvest credentials.
3. Exploitation of Document Vulnerabilities: Threat actors increasingly leveraged document file exploits, notably the Equation Editor CVE-2017-11882 vulnerability, to deploy Purecrypter malware. By embedding malicious code within seemingly innocuous attachments, attackers achieved stealth and persistence.
4. Rise in PE File Distribution: In addition to script attachments, there was a notable rise in portable executable (PE) files compressed within ZIP archives. These compressed payloads were distributed via phishing campaigns, complicating detection by traditional email security solutions.
5. Korean Language Phishing Campaigns: The report identifies a surge in phishing emails written in Korean, utilizing localized keywords and culturally relevant themes to increase engagement. Commonly used terms in subject lines and body text reveal tailored social engineering tactics aimed at Korean-speaking users.
6. Attachment Extension Statistics and Trends: Analysis of attachment file extensions over the past six months shows shifting preferences among threat actors, with HTML, DOC, XLS, and ZIP formats dominating distribution channels. These insights help security teams anticipate and prepare for evolving malicious payload delivery methods.
7. Implications and Recommendations: Given the dominance of phishing and malware-laden attachments, organizations should employ multi-layered email security measures, user awareness training, and proactive threat hunting. Continuous monitoring of attachment trends and vulnerabilities like CVE-2017-11882 is essential for mitigating future risks.
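As an added example (not taken from the report or from the OpenCTI page), here is one way an attachment triage step could flag PE files inside ZIP attachments by content rather than by file extension, as discussed in item 4. The function names and the sample archive are constructed for illustration.

```python
import io
import struct
import zipfile

def is_pe(data: bytes) -> bool:
    """True if data starts with a DOS 'MZ' header whose e_lfanew field
    (offset 0x3C) points at the 4-byte PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def triage_zip(blob: bytes, max_read: int = 4096) -> dict:
    """Classify ZIP members by their leading bytes, ignoring the extension.
    Only max_read bytes per member are decompressed, which bounds the work
    done on oversized members; a PE header placed beyond that is missed."""
    findings = {"pe": [], "encrypted": [], "other": []}
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:
                # Password-protected member: content cannot be inspected,
                # so report it separately instead of treating it as clean.
                findings["encrypted"].append(info.filename)
                continue
            with zf.open(info) as fh:
                head = fh.read(max_read)
            findings["pe" if is_pe(head) else "other"].append(info.filename)
    return findings

def constructed_sample() -> bytes:
    """Constructed test archive: a minimal PE header stub under a document
    name, a text file, and a text file that merely carries an .exe name."""
    stub = bytearray(0x84)
    stub[0:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x80)
    stub[0x80:0x84] = b"PE\x00\x00"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("document.pdf", bytes(stub))
        zf.writestr("readme.txt", "constructed sample text")
        zf.writestr("notes.exe", "MZ but not a real PE header")
    return buf.getvalue()

if __name__ == "__main__":
    print(triage_zip(constructed_sample()))
```

Members reported under `encrypted` need a separate policy decision (quarantine or sandbox), since their content is opaque to this check.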