This article discusses the evolution of phishing techniques used by attackers to bypass email security measures, highlighting four advanced methods that have emerged in 2025. These include the use of Base64 JavaScript in SVG files, hidden malicious URLs in PDFs and OneDrive links, and MHT files embedded within OpenXML documents. Each approach demonstrates the need for enhanced detection mechanisms and reveals critical vulnerabilities in current cybersecurity strategies.
Affected: email security solutions, SVG files, PDF files, OneDrive, OpenXML documents
Key points:
- Phishing exploits human psychology to trick users into revealing sensitive information.
- Attackers adapt their tactics to evade modern email and endpoint security checks.
- Four notable phishing techniques were observed in early 2025.
- Attacks leverage unconventional file formats like SVG, PDF, and OneDrive links to deliver payloads.
- Deep inspection of file structures is necessary for detecting such sophisticated phishing attacks.
- Most traditional security solutions failed to flag these phishing attempts during initial analyses.
MITRE Techniques:
- ***T1566.001: Phishing: Spearphishing Attachment*** – Attackers embedded Base64-encoded JavaScript in SVG files to redirect users to phishing pages.
- ***T1566.001: Phishing: Spearphishing Attachment*** – Malicious URLs were hidden in PDF annotations but remained undetected by traditional scanning techniques.
- ***T1566.001: Phishing: Spearphishing Link*** – Phishing campaigns used OneDrive links, which were not visible until JavaScript executed dynamically, to deliver malware.
- ***T1071.001: Application Layer Protocol: Web Protocols*** – Malicious MHT files embedded within .docx documents executed phishing attacks through QR codes.
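The Base64-in-SVG technique listed above is the kind of case that needs deep file inspection. The following Python check is an added example, not code from the article; the function names, regexes and the sample SVG (including its `login.example.invalid` URL) are constructed for illustration.

```python
import base64, binascii, re
import xml.etree.ElementTree as ET  # stdlib to stay self-contained; prefer defusedxml on untrusted mail

B64_RUN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")  # long Base64-looking runs
SUSPICIOUS = re.compile(r"https?://|location|atob|eval|document\.", re.I)

def decode_b64_runs(text):
    """Yield UTF-8 decodings of long Base64 runs found in text."""
    for run in B64_RUN.findall(text):
        try:
            padded = run + "=" * (-len(run) % 4)  # tolerate stripped padding
            decoded = base64.b64decode(padded, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            continue  # not Base64 text (e.g. image bytes or a long identifier)
        yield decoded

def inspect_svg(svg_text):
    """Return (finding, detail) tuples for active content in an SVG attachment."""
    try:
        root = ET.fromstring(svg_text)
    except ET.ParseError as exc:
        return [("unparseable-xml", str(exc))]  # malformed SVG deserves a manual look
    findings = []
    for el in root.iter():
        tag = el.tag.rsplit("}", 1)[-1].lower()  # strip the XML namespace
        if tag == "script":
            findings.append(("script-element", (el.text or "").strip()[:80]))
        for name, value in el.attrib.items():
            attr = name.rsplit("}", 1)[-1].lower()
            if attr.startswith("on"):  # onload, onclick, ...
                findings.append(("event-handler", f"{attr}={value[:80]}"))
            if attr == "href" and value.strip().lower().startswith("javascript:"):
                findings.append(("active-href", value[:80]))
        for blob in (el.text or "", *el.attrib.values()):
            for decoded in decode_b64_runs(blob):
                if SUSPICIOUS.search(decoded):  # decoded text looks like script or a URL
                    findings.append(("base64-script", decoded[:80]))
    return findings

# Constructed sample: inert script holding a Base64 string that decodes to a redirect.
_JS = b'window.location.href="https://login.example.invalid/"'
SAMPLE_SVG = ('<svg xmlns="http://www.w3.org/2000/svg"><script><![CDATA['
              f'var p="{base64.b64encode(_JS).decode()}";'
              ']]></script><rect width="10" height="10"/></svg>')

if __name__ == "__main__":
    for kind, detail in inspect_svg(SAMPLE_SVG):
        print(kind, "->", detail)
```

A legitimate image-only SVG produces no findings, so any hit on an email attachment is a reasonable trigger for quarantine or analyst review.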
Indicators of Compromise:
- [Hash] b5a7406d5b4ef47a62b8dd1e4bec7f1812162433955e3a5b750cc471cbfad93e
- [Hash] 252422de154885806f491d602af3bb2eda10563308c65fa5ba8272a9b59f7f41
- [URL] https://1drv[.]ms/o/c/1ba8fd2bd98c98a8/EqF44YiGOwBIpBplYeDLr_8BcMUtVTMm6dwmUK9E0dXA_A?e=ZrI61x
- [URL] https://login.rocklongdays[.]shop/NXayublq
- [Hash] 07565bc74159ddbebb8dadbd6f20871f4236883653dc7fdd1d30ecd0460167e5
Full Story: https://intezer.com/blog/emerging-phishing-techniques-new-threats-and-attack-vectors/