VIRUS DEFINITION

Virus Type: Spyware, Advanced Persistent Threat

What is Blue Termite?

Blue Termite is a cyberespionage campaign that has been targeting hundreds of organisations in Japan for at least two years. The attackers hunt for confidential information and utilise a zero-day Flash Player exploit and a sophisticated backdoor, which is customised for each victim.

Who are the victims of its attacks?

Kaspersky Lab has been able to identify several hundred victims in Japan.

Targets of Blue Termite attacks include the following sectors:

  • Governmental organizations
  • Manufacturing
  • Financial
  • Chemical
  • Satellite
  • Media
  • Medical
  • Food
  • Education organizations

Am I at risk?

You might be a target for Blue Termite if the following risk factors are relevant to you:

Risk factors:

  • If you are in Japan or often travel there and you work for/with an industry targeted by the attackers
  • If you regularly visit Japanese websites
  • If you use an unpatched Adobe Flash Player

How do I know if I’m infected?

Kaspersky Lab products detect the malware used in the Blue Termite campaign as:

  • Backdoor.Win32.Emdivi.*
  • Backdoor.Win64.Agent.*
  • Exploit.SWF.Agent.*
  • HEUR:Backdoor.Win32.Generic
  • HEUR:Exploit.SWF.Agent.gen
  • HEUR:Trojan.Win32.Generic
  • Trojan-Downloader.Win32.Agent.*
  • Trojan-Dropper.Win32.Agent.*

How can I protect myself?

To protect against Blue Termite attacks, make sure you follow these basic security best practices: