Cylance SPEAR™ has uncovered a long-standing campaign targeting numerous critical and secure industries spread across Japan, South Korea, the United States, Europe, and several other Southeast Asian countries. Attack telemetry indicates Operation Dust Storm has migrated from more traditional government and defense-related intelligence targets to exclusively seek out organizations involved in Japanese critical infrastructure and resources. The group’s escalating activities, along with their choice of targets, obligates SPEAR to share this report. SPEAR believes attacks of this nature on companies involved in Japanese critical infrastructure and resources are ongoing and likely to continue to escalate in the future.


SPEAR’s research indicates Operation Dust Storm has been operational since at least early 2010. The group has already compromised a wide breadth of victims across the following industry verticals: electricity generation, oil and natural gas, finance, transportation, and construction. SPEAR’s current research indicates the group’s present focus has shifted to specifically and exclusively target Japanese companies or Japanese subdivisions of larger foreign organizations, including a major Japanese oil and gas company, a Japanese subsidiary of a South Korean electric utility, and a major Japanese automaker.

View Timeline Infographic


Operation Dust Storm was first discovered by the Cylance SPEAR Team and confirmed with Cylance products. If you’re interested in how your organization can be protected against threat campaigns like those featured in our Operation Dust Storm report, talk to a Cylance expert. With deep expertise in critical infrastructure security, we help Fortune 500s and governments around the world protect themselves against tomorrow’s threats, today.

If you would like to contact us via encrypted email instead, please download our public PGP key and contact opduststorm@cylance.com for assistance.

Read Our Blog


If you'd like to contact the Cylance team via encrypted email, download our public PGP key and send a message to  opduststorm@cylance.com