Group: Dust Storm

From ATT&CK
Dust Storm (Group)
ID: G0031
Aliases: Dust Storm

Dust Storm is a threat group that has targeted multiple industries in Japan, South Korea, the United States, Europe, and several Southeast Asian countries.[1]

Techniques Used

  • Obfuscated Files or Information - Dust Storm has encoded payloads with a single-byte XOR that skips both bytes equal to the key itself and zero bytes, in an attempt to avoid exposing the key.[1]
  • Data from Local System - Dust Storm has used Android backdoors capable of exfiltrating specific files directly from the infected devices.[1]
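
For analysts triaging a blob suspected of the key- and zero-skipping XOR described in the first bullet, the following added example (not code from ATT&CK or from the cited report) recovers the key by trying all 255 values and looking for the standard PE DOS-stub string. The sample bytes and the key 0x5A are constructed for illustration; the helper names are hypothetical.

```python
"""Decode a single-byte XOR that leaves 0x00 and key-valued bytes untouched."""

# Standard string found in the DOS stub of most PE files; used as a known-plaintext marker.
MARKER = b"This program cannot be run in DOS mode"


def xor_skip(data: bytes, key: int) -> bytes:
    """XOR every byte with `key`, except bytes equal to 0x00 or to `key`.

    Skipping those two values means runs of zeros never turn into runs of
    the key, and no encoded byte becomes zero. The transform is its own
    inverse: a byte outside {0, key} always maps to another byte outside it.
    """
    return bytes(b if b in (0, key) else b ^ key for b in data)


def candidate_keys(blob: bytes, marker: bytes = MARKER) -> list[int]:
    """Return every key in 1..255 whose decoding of `blob` contains `marker`."""
    return [k for k in range(1, 256) if marker in xor_skip(blob, k)]


# Constructed sample: a minimal PE-like header with zero padding, the DOS-stub
# string, and a few bytes equal to the (arbitrary, constructed) key 0x5A.
SAMPLE = (b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 8 + MARKER
          + b"\r\n$" + b"\x5a\x00\x5a")
ENCODED = xor_skip(SAMPLE, 0x5A)


if __name__ == "__main__":
    for key in candidate_keys(ENCODED):
        decoded = xor_skip(ENCODED, key)
        print(f"key=0x{key:02x} header={decoded[:2]!r}")
```

Because 'Z' is 0x5A, the second byte of the "MZ" header passes through this sample unencoded, so a plain XOR decode with the right key would still corrupt it; the decoder has to apply the same skip rule as the encoder.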

Software