An anonymous reader writes: Japanese energy, oil and gas, and transport industries have been among those targeted by a group of cyberattackers focusing its efforts on Japanese critical infrastructure. According to research at Cylance SPEAR, the cyber threat group had previously been targeting U.S. defence agencies but has recently turned its attention to East Asia. While SPEAR does not believe the criminals have yet conducted "destructive or disruptive" attacks, it argues that they have been patiently and persistently spying on a range of Japanese organisations, such as construction companies and financial firms. The researchers have dubbed the campaign Operation Dust Storm, and have identified phishing lures related to current affairs as the attackers' tool of choice. SPEAR noted that the cyberattack group has managed to stay under the radar by registering new domain names, relying heavily on Dynamic DNS, and using a range of customised backdoors – especially a number of second-stage backdoors with hardcoded proxy addresses and credentials. The group also adopted several Android backdoors to support its mobile operations.