OPERATION DUST STORM ATTACK TIMELINE
OPERATION DUST STORM
by Jon Gross and the Cylance SPEAR Team
At this time, SPEAR does not believe the attacks were meant to be destructive or disruptive. However, our team believes that attacks of this nature on companies involved in Japanese critical infrastructure and resources are ongoing and are likely to continue to escalate in the future.
It’s clear from SPEAR’s research that Operation Dust Storm has slowly evolved over time to become increasingly effective. Early operations were extremely blunt, relatively unsophisticated, and readily picked up by the security industry. As the group became more and more focused on Japan, less and less of their tactics and malware appeared in reports or write-ups. The targets identified escalated both in size and in the scope of affected industries.
As a result, SPEAR felt obligated to share with the community and public what was discovered recently, to hopefully stunt the attackers’ progress for a time.
New Security Research from Cylance SPEAR™ Team Uncovers Multi-Year, Multi-Attack Campaign Targeting Japanese Critical Infrastructure
“Operation Dust Storm” reveals increasingly sophisticated, targeted and successful cyber-attacks against Japanese electric utility, oil and gas, finance, transportation and construction companies
Cylance SPEAR™ team, the security research arm of Cylance, today released a report titled “Operation Dust Storm,” which reveals a multi-year, multi-attack campaign against Japanese commercial interests and critical infrastructure. The research uncovers how a well-organized and well-funded threat group, likely associated with a nation/state, has used a variety of attack vectors and techniques to infiltrate and gather sensitive information from companies in electric utilities, oil and gas, finance, transportation and construction.
“Since 2010, a threat group with considerable resources has been using various exploits to attack commercial interests around the globe, with a specific focus on Japan,” said Jon Miller, vice president of strategy, Cylance. “Whereas early activity by the group showed less sophistication and a broader set of targets, SPEAR’s current research indicates the group’s present focus has shifted specifically and exclusively to Japanese companies or Japanese subdivisions of larger foreign organizations. The group has also shown an ability to exploit Android-based mobile devices, illustrating that these types of attacks are more prevalent in the mobile-centric business cultures in Asia. The campaign continues to this day.”
Specific findings of Operation Dust Storm include:
The full Operation Dust Storm report can be downloaded here and includes more detail on the types of attacks, targets and a complete timeline of attacks between 2010 and 2015. Future Cylance SPEAR research focused specifically on the mobile-based attacks covered in Operation Dust Storm will be released later this year. Through Cylance research and analysis work, previously undocumented attacks indicate that this activity is directed by one threat actor or entity, and there is undoubtedly more to discover. Cylance analysis is ongoing and there will be more updates as new aspects and new attacks are uncovered.
Your email address will not be published.