Blue Termite is a cyberespionage campaign that has been targeting hundreds of organizations in Japan for at least two years. The attackers hunt for confidential information and utilize a zero-day Flash player exploit and a sophisticated backdoor, which is customized for each victim.
Who are the victims of its attacks?
Kaspersky Lab has been able to identify several hundred victims, in Japan.
Targets of Blue Termite attacks include in the following sectors:
Governmental organizations
Manufacturing
Financial
Chemical
Satellite
Media
Medical
Food
Education organizations
Am I at risk?
You might be a target for Blue Termite if the following risk factors are relevant to you:
Risk factors:
If you are in Japan or often travel there and you work for/with an industry targeted by the attackers
If you regularly visit Japanese websites
If you use an unpatched Adobe Flash Player
How do I know if I’m infected?
Kaspersky Lab products detect the malware used in Blue Termite campaign as:
Backdoor.Win32.Emdivi.*
Backdoor.Win64.Agent.*
Exploit.SWF.Agent.*
HEUR:Backdoor.Win32.Generic
HEUR:Exploit.SWF.Agent.gen
HEUR:Trojan.Win32.Generic
Trojan-Downloader.Win32.Agent.*
Trojan-Dropper.Win32.Agent.*
How can I protect myself?
To protect against Blue Termite attacks, make sure you follow these basic security best practices: