Iran-linked threat actor APT34 has added three new malware families to its spy arsenal. The group was posing as a Cambridge University lecturer, including setting up a LinkedIn page. The phishing campaign was going after energy companies, government workers and utilities, FireEye said. The malware was dropped by a file named ERFT-Details.xls, sent via a LinkedIn message from Research Staff at University of Cambridge . The social conversation began with the solicitation of resumes for potential job opportunities.
Source: https://threatpost.com/iran-apt34-linkedin-malware/146575/