Three APT hacking groups from India, Russia, and China, were observed using a novel RTF (rich text format) template injection technique in their recent phishing campaigns.
This technique is a simple yet effective method to retrieve malicious content from a remote URL, and threat analysts expect it to reach a wider audience of threat actors soon.
Researchers at Proofpoint spotted the first cases of weaponized RTF template injection in March 2021, and since then, actors have been steadily optimizing the technique.