Campaign · all campaigns
Operation Dust StormC0016 unknown
aka Operation Dust Storm
Last updated: 2026-07-03
About this actor
[Operation Dust Storm](https://attack.mitre.org/campaigns/C0016) was a long-standing persistent cyber espionage campaign that targeted multiple industries in Japan, South Korea, the United States, Europe, and several Southeast Asian countries. By 2015, the [Operation Dust Storm](https://attack.mitre.org/campaigns/C0016) threat actors shifted from government and defense-related intelligence targets to Japanese companies or Japanese subdivisions of larger foreign organizations supporting Japan's critical infrastructure, including electricity generation, oil and natural gas, finance, transportation, and construction.(Citation: Cylance Dust Storm) [Operation Dust Storm](https://attack.mitre.org/campaigns/C0016) threat actors also began to use Android backdoors in their operations by 2015, with all identified victims at the time residing in Japan or South Korea.(Citation: Cylance Dust Storm)
Source: MITRE ATT&CK
Activity timeline
- 2011 — 1 CVE published
Profile
| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
CVE-2011-1255 | 8.0 | 0.0 | 0.9270 | 2011-06-16 | see CVE |
Mitigating controls (NIST 800-53)
| Control | Techniques covered | Coverage |
|---|---|---|
SI-3 | 18 / 24 | 75% |
SI-4 | 17 / 24 | 71% |
CA-7 | 14 / 24 | 58% |
CM-2 | 14 / 24 | 58% |
CM-6 | 14 / 24 | 58% |
SI-7 | 12 / 24 | 50% |
AC-4 | 10 / 24 | 42% |
CM-7 | 10 / 24 | 42% |
SC-7 | 10 / 24 | 42% |
SI-2 | 10 / 24 | 42% |
SI-10 | 8 / 24 | 33% |
AC-6 | 7 / 24 | 29% |
CM-8 | 7 / 24 | 29% |
SC-44 | 7 / 24 | 29% |
AC-3 | 6 / 24 | 25% |
Co-occurring actors
None.
Similar actors
Similar TTPs
- Transparent Tribe 0.52
- Operation Spalax 0.45
- Elderwood 0.44
- LazyScripter 0.38
- TA2541 0.38
Active in same years
- NEODYMIUM 1.00
- PROMETHIUM 1.00