Nation state-backed hacking groups are exploiting a simple but effective new technique to power phishing campaigns for spreading malware and stealing information that’s of interest to their governments.
Cybersecurity researchers at Proofpoint say advanced persistent threat (APT) groups working on behalf of Russian, Chinese and Indian interests are using rich text format (RTF) template injections.
While the use of RTF text file attachments in phishing emails isn’t new, the technique being used by hackers is easier to deploy and more effective because it’s harder for antivirus software to detect – and many organisations won’t block RTF files by default because they’re part of everyday business operations.
SEE: A winning strategy for cybersecurity (ZDNet special report)
The technique is RTF template injection. By altering an RTF file’s document-formatting properties, it’s possible for attackers to weaponise an RTF file to retrieve remote content from a URL controlled by the attackers, enabling them to secretly retrieve a malware payload that gets installed on the victim’s machine.
Attackers can use RTF template injections to open documents in Microsoft Word, which will use the malicious URL to retrieve the payload while also using Word to display the decoy document.
This approach might