2018/11/27: attacks arrive in spear-phishing emails and in some cases postal packages that contain design documents and plans. Included in the same directory are camouflaged files formatted in AutoLISP, an AutoCAD-specific dialect of the LISP programming language. When targets open the design document, they may inadvertently cause the AutoLISP file to be executed. While modern versions of AutoCAD by default display a warning that a potentially unsafe script will run, the warnings can be disregarded or suppressed altogether. To make the files less conspicuous, the attackers have set their properties to be hidden in Windows and their contents to be encrypted.
The attacks aren't new. Similar ones occurred as long ago as 2005, before AutoCAD provided the same set of robust defenses against targeted malware it does now.
The value of these documents–especially in new and prospering industries such as renewable energy–have probably never been this high. All this makes it attractive for the more skilled cybercriminal groups to chip in: instead of spamming out millions of emails and waiting for people to fall for it, significantly more money can be realized by selling blueprints to the highest bidder.