By Lisa Gilbert

I’m sharing this article primarily for my students, many of whom work for DoD contractors, but I also have several friends in aerospace. The explanation is fairly technical, so it’s a good read for my students to become more fluent in “speaking the language.” The Cliff’s Notes version is that an Iranian group calling themselves APT33 (APT stands for “Advanced Persistent Threat”) is sending bogus technical job postings to employees in aviation, energy, petrochemical, and defense department industries. The emails contain an attachment that is an .hta file — it does contain job postings copied from a legitimate website, but it also includes a chunk of executable code, known as a Trojan horse, that opens a backdoor into the user’s system and allows the malicious actors to “spy” on the recipient. If you’re interested in the full story, here’s a link to the story by my friends at FireEye:

https://www.fireeye.com/blog/threat-research/2017/09/apt33-insights-into-iranian-cyber-espionage.html