Axiom

Threat Actor updated 4 months ago (2024-05-04T17:17:35.242Z)
Axiom is a recognized threat actor (a hacking team) with ties to the Chinese intelligence apparatus that has operated under various names, including Winnti, PassCV, APT17, LEAD, BARIUM, Wicked Panda, and GREF. These group names were established by cybersecurity companies such as Kaspersky Lab and Symantec in their 2013/2014 reports. Like other groups, Axiom relies on external resources, consistent with the diamond model of intrusion analysis, which states that any intrusion event requires one or more external resources to succeed. APT41, another alias for Axiom, has been active since at least 2007 and is linked to significant cyberespionage activity originating from China. The group has demonstrated its capabilities by exploiting various infrastructure and targets to achieve its goals. Its activities align with the primary axiom of the intrusion analysis model: every intrusion event involves an adversary using specific capabilities over infrastructure against a victim to produce a result.

The term "Axiom" is also used by unrelated, non-malicious entities. Axiom Space, a company unrelated to the threat actor, announced plans to build and launch an orbital datacenter to support missions aboard its commercial space station, and retired Gen. John W. “Jay” Raymond joined its board of directors. Axiom Armored is listed as a key player in the cash management system market. These entities should be distinguished from the threat actor Axiom to avoid confusion.
Description last updated: 2024-05-04T16:18:26.729Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Profile | Votes | Description
Winnti | 3 | The Winnti Group is a sophisticated threat actor that has been active since at least 2007, first identified by Kaspersky in 2013. This collective of Chinese nation-state hackers is known for its advanced cyberespionage capabilities and its unique strategy of targeting legitimate software supply chai
APT41 | 2 | APT41, a threat actor attributed to China, has been actively targeting organizations in at least 14 countries since 2012. The group is known for its use of an extensive range of malware, with at least 46 different code families and tools observed in their operations. They are associated with various
Barium | 2 | Barium, also known as BRONZE ATLAS or APT41, is a threat actor that has been associated with various malicious activities. Originating from China and active since at least 2007, this group has been implicated in cyberespionage efforts targeting multiple sectors across the globe. In 2017, according t
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Source Document References
Information about the Axiom threat actor was read from the document corpus below. This display is limited to 20 results.
Source | Created | Title
CERT-EU | 6 months ago | Gen. Mark Milley’s Second Act: Multimillionaire
CERT-EU | 6 months ago | Hacking firm I-Soon data leak revealed Chinese gov hacking capabilities
CERT-EU | 7 months ago | Italy commissions study on space-based supercomputers
Recorded Future | 7 months ago | What is the Diamond Model of Intrusion Analysis?
CERT-EU | 8 months ago | Best of 2023: Diamond Model of Intrusion Analysis: A Quick Guide
CERT-EU | 10 months ago | Burning Umbrella: An Intelligence Report on the Winnti Umbrella and Associated State-Sponsored Attackers
CERT-EU | 10 months ago | Cash management system market size to grow by USD 11.91 billion from 2023 to 2028, Growth driven by demand for real-time tracking of cash movement- Technavio
Securityaffairs | a year ago | Redfly group infiltrated an Asian national grid as long as six months
CERT-EU | a year ago | SpiderOak's John Moberly: OrbitSecure Brings Data Protection Capabilities for Space Systems - ExecutiveBiz
CERT-EU | a year ago | SpiderOak demonstrates OrbitSecure communications with ISS
CERT-EU | a year ago | SpiderOak announces successful demonstration of OrbitSecure on International Space Station
CERT-EU | a year ago | Experts attribute WyrmSpy and DragonEgg spyware to the Chinese APT41 group | IT Security News
Securityaffairs | a year ago | Experts attribute WyrmSpy and DragonEgg spyware to the Chinese APT41 group
CERT-EU | a year ago | ABCDE co-sponsored a two-month ZK Hacker Camp with Starkware | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
CERT-EU | a year ago | Analysis of Ransomware Trends in May 2023 - 360CERT
MITRE | 2 years ago | Threat Spotlight: Group 72
MITRE | 2 years ago | Games are over: Winnti is now targeting pharmaceutical companies
CERT-EU | 2 years ago | Boulder County used opioid settlement money to buy controversial phone-hacking tools | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker - National Cyber Security
CERT-EU | a year ago | Diamond Model of Intrusion Analysis: A Quick Guide
CERT-EU | a year ago | Opinion: Tina Peters’ ankle monitor fashion could spark a new look for the GOP