Blue Termite hacker group eating Japanese business from within

Kaspersky researcher Suguru Ishimaru says an advanced threat group is breaking convention and hacking high-end Japanese industries from within the country.

The group is popping the kind of targets sophisticated groups prefer, such as government agencies, financial firms, and manufacturing organisations.

Ishimaru says the number of attacks spiked last month as the so-called "Blue Termite" actor group began using the leaked Adobe Flash vulnerabilities revealed in the Hacking Team data dump in June.

"However, the attack is different in two respects: the main focus of Blue Termite is to attack Japanese organisations; and most of their command and control servers are located in Japan," Ishimaru says.

"Unfortunately, the attack is still active and the number of victims has been increasing."

Ishimaru says several companies have been compromised including the Japan Pension Service, Universities, health care organisations, energy, and media.

The attackers are also setting up watering hole attacks to lure victims. One website belonging to a "prominent member" of the Japanese government which targets only IP addresses linked to that government agencies.

Blue Termite has concocted its own custom malware which serves as a backdoor for Windows machines.

Compromised target websites will load movie.swf that contains and then serves the exploit to visitors.

The threat intelligence follows on the heels of Kaspersky data on the Dark Hotel actor group that also used the Hacking Team Flash vulnerabilities to target victims, typically by popping hotel networks to hit business executives.

The group's efforts target the HTML application (.hta) to attack executives in at least nine nations, from Bangladesh, to North Korea and Germany.

Kaspersky researchers say the group will "relentlessly spearphish specific targets" over months in order to pull off a successful compromise. ®