high_confidence

Operation Dust Storm

[Operation Dust Storm](https://attack.mitre.org/campaigns/C0016) was a long-standing persistent cyber espionage campaign that targeted multiple industries in Japan, South Korea, the United States, Europe, and several Southeast Asian countries. By 2015, the [Operation Dust Storm](https://attack.mitre.org/campaigns/C0016) threat actors shifted from government and defense-related intelligence targets to Japanese companies or Japanese subdivisions of larger foreign organizations supporting Japan's critical infrastructure, including electricity generation, oil and natural gas, finance, transportation, and construction.(Citation: Cylance Dust Storm) [Operation Dust Storm](https://attack.mitre.org/campaigns/C0016) threat actors also began to use Android backdoors in their operations by 2015, with all identified victims at the time residing in Japan or South Korea.(Citation: Cylance Dust Storm)

Start date: 1 January 2010
End date: 1 February 2016
Techniques: 17

Attributed actors

Techniques (17)

command-and-control (1)
T1568 Dynamic Resolution

discovery (1)
T1518 Software Discovery

execution (5)
T1204.002 Malicious File
T1059.007 JavaScript
T1203 Exploitation for Client Execution
T1204.001 Malicious Link
T1059.005 Visual Basic

initial-access (3)
T1566.002 Spearphishing Link
T1566.001 Spearphishing Attachment
T1189 Drive-by Compromise

resource-development (2)
T1585.002 Email Accounts
T1583.001 Domains

stealth (5)
T1140 Deobfuscate/Decode Files or Information
T1027.002 Software Packing
T1036 Masquerading
T1027.013 Encrypted/Encoded File
T1218.005 Mshta

Indicators of compromise

No IOCs linked to this campaign yet.