Most impressive was the clever social engineering of the attack – the PDF was in reference to a real conference taking place in Los Vegas, and appeared to be coming from the Department of Defense.
We all get a bit inured to the deluge of phishing messages imploring us to change our information or update our accounts with Ebay or Bank of America – “Type your passwords into this web page and SOME BIG PROBLEM will be averted!” Those are crude mass attacks that aren’t likely to convince many people – but if it gets .5%, that’s plenty. However, targeted attacks like those that hit the contractors are far more dangerous – the savviest of us are susceptible to custom designed manipulation.
The motivations, if not the identity, of the attackers are pretty clear. One of the benefits of backwardness – that is, being a country whose militarily lags behind technologically – is that you don’t have to re-invent the wheel, or even the Reaper. You just have to steal the plans for it.