APT Hacking Groups From Russia, China and India Are Using a New RTF Format in Phishing Campaigns

State-based hacking groups from Russia, India and China have been observed to use the new Rich Text Format Template in their recent phishing campaigns. RTF file is a document format created by Microsoft that can be opened using Microsoft Word, WordPad, and other applications found on almost all operating systems. These files can also include a locally hosted RTF template, which specifies the document's format. Threat actors are abusing the functionality of being able to retrieve the RTF URL resource instead of a local file resource, which allows hackers to distribute malicious payloads via Word documents. Read more...