Axiom

Threat Actor updated 7 months ago (2024-05-04T17:17:35.242Z)
Axiom is a recognized threat actor, also known as a hacking team, that has been associated with malicious activities. The group has ties to the Chinese intelligence apparatus and has operated under various names such as Winnti, PassCV, APT17, LEAD, BARIUM, Wicked Panda, and GREF. The naming conventions for these groups were established by cybersecurity companies like Kaspersky Lab and Symantec in their 2013/2014 reports.

Axiom, along with other groups, utilizes external resources as per the diamond model of intrusion analysis, which states that any intrusion event requires one or more external resources to succeed. The APT41 group, another alias for Axiom, has been active since at least 2007 and is linked to significant cyberespionage activities originating from China. This group has demonstrated its capabilities by exploiting various infrastructure and targets to achieve its goals. Their activities align with the primary axiom of the intrusion analysis model, which emphasizes that every intrusion event involves an adversary using specific capabilities over infrastructure against a victim to produce a result.

In recent developments, the term "Axiom" has also been associated with non-malicious entities. For instance, Axiom Space, a company unrelated to the threat actor, announced plans to build and launch an orbital datacenter to support missions aboard its commercial space station. Notably, retired Gen. John W. “Jay” Raymond joined the board of directors for Axiom Space. Furthermore, Axiom Armored is listed as a key player in the cash management system market. It's crucial to differentiate between these entities and the threat actor Axiom to avoid confusion.
Description last updated: 2024-05-04T16:18:26.729Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you may also want to look at.
| Alias Description | Votes |
| --- | --- |
| Winnti is a possible alias for Axiom. Winnti is a threat actor group known for its malicious activities, primarily originating from Chinese Advanced Persistent Threat (APT) operational infrastructure. The group, which has been active since at least 2007, was first spotted by Kaspersky in 2013. It is associated with several aliases such | 3 |
| APT41 is a possible alias for Axiom. APT41, also known as Winnti, is a threat actor suspected to be originating from China, with its activities dating back to as early as 2012. It has targeted organizations in at least 14 countries and has been associated with the use of at least 46 different code families and tools. The group's activi | 2 |
| Barium is a possible alias for Axiom. Barium, also known as BRONZE ATLAS or APT41, is a threat actor that has been associated with various malicious activities. Originating from China and active since at least 2007, this group has been implicated in cyberespionage efforts targeting multiple sectors across the globe. In 2017, according t | 2 |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Source Document References
Information about the Axiom Threat Actor was read from the documents corpus below. This display is limited to 20 results.
| Source | Created At |
| --- | --- |
| CERT-EU | 8 months ago |
| CERT-EU | 9 months ago |
| CERT-EU | 9 months ago |
| Recorded Future | 10 months ago |
| CERT-EU | a year ago |
| CERT-EU | a year ago |
| CERT-EU | a year ago |
| Securityaffairs | a year ago |
| CERT-EU | a year ago |
| CERT-EU | a year ago |
| CERT-EU | a year ago |
| CERT-EU | a year ago |
| Securityaffairs | a year ago |
| CERT-EU | a year ago |
| CERT-EU | a year ago |
| MITRE | 2 years ago |
| MITRE | 2 years ago |
| CERT-EU | 2 years ago |
| CERT-EU | 2 years ago |
| CERT-EU | 2 years ago |