Three different state-sponsored threat actors aligned with China, India, and Russia have been observed adopting a new method called RTF (aka Rich Text Format) template injection as part of their phishing campaigns to deliver malware to targeted systems.

"RTF template injection is a novel technique that is ideal for malicious phishing attachments because it is simple and allows threat actors to retrieve malicious content from a remote URL using an RTF file," Proofpoint researchers said in a new report shared with The Hacker News.