ETDA ThaiCERT

Threat Group Cards: A Threat Actor Encyclopedia

APT group: Blue Termite, Cloudy Omega

Names: Blue Termite (Kaspersky), Cloudy Omega (Symantec)
Country: China
Motivation: Information theft and espionage
First seen: 2013
Description: (Kaspersky) In October 2014, Kaspersky Lab started to research “Blue Termite”, an Advanced Persistent Threat (APT) targeting Japan. The oldest sample we’ve seen up to now is from November 2013.

This is not the first time the country has been a victim of an APT. However, the attack is different in two respects: unlike other APTs, the main focus of Blue Termite is to attack Japanese organizations; and most of their C2s are located in Japan. One of the top targets is the Japan Pension Service, but the list of targeted industries includes government and government agencies, local governments, public interest groups, universities, banks, financial services, energy, communication, heavy industry, chemical, automotive, electrical, news media, information services sector, health care, real estate, food, semiconductor, robotics, construction, insurance, transportation and so on. Unfortunately, the attack is still active and the number of victims has been increasing.
Observed sectors: Automotive, Chemical, Construction, Education, Energy, Financial, Food and Agriculture, Government, Healthcare, High-Tech, Industrial, IT, Media, Telecommunications, Transportation and Real estate and several others.
Observed countries: Japan.
Tools used: Emdivi and 0-days from the Hacking Team breach.
Information:
<https://securelist.com/new-activity-of-the-blue-termite-apt/71876/>
<https://www.symantec.com/connect/blogs/operation-cloudyomega-ichitaro-zero-day-and-ongoing-cyberespionage-campaign-targeting-japan>

Last change to this card: 15 April 2020


Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
