Axiom

Threat Actor Profile Updated 25 days ago
Axiom is a threat actor (a hacking team) that has been associated with malicious cyber activity. The group has ties to the Chinese intelligence apparatus and has operated under various names, including Winnti, PassCV, APT17, LEAD, BARIUM, Wicked Panda, and GREF. These names were established by cybersecurity companies such as Kaspersky Lab and Symantec in their 2013/2014 reports.

Axiom, like other groups, relies on external resources, consistent with the diamond model of intrusion analysis, which holds that any intrusion event requires one or more external resources to succeed. APT41, another alias for Axiom, has been active since at least 2007 and is linked to significant cyberespionage activity originating from China. The group has demonstrated its capabilities by exploiting a range of infrastructure and targets to achieve its goals. Its activity fits the primary axiom of the intrusion analysis model: every intrusion event involves an adversary using specific capabilities over infrastructure against a victim to produce a result.

The name "Axiom" is also used by unrelated, non-malicious entities. Axiom Space, a company unrelated to the threat actor, announced plans to build and launch an orbital datacenter to support missions aboard its commercial space station; retired Gen. John W. “Jay” Raymond joined its board of directors. Axiom Armored is listed as a key player in the cash management system market. These entities should not be confused with the threat actor Axiom.
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names and profiles you may also want to look at.
ID (votes): Profile description

Winnti (3 votes): Winnti, also known as Starchy Taurus, APT41, Axiom, Barium, Blackfly, and HOODOO, is a prominent threat actor originating from China. The group has been active since at least 2007 and is notorious for its sophisticated cyberespionage campaigns. The group's activities have been linked to a shared Chi

APT41 (2 votes): APT41, also known as Winnti, Wicked Panda, Barium, Suckfly, Earth Freybug, and Daggerfly, is a China-attributed threat actor that has been active since at least 2012. The group has targeted organizations across at least 14 countries, focusing on entities in the South China Sea region. APT41's activi

Barium (2 votes): Barium, also known as BRONZE ATLAS, APT41, TA415, and part of the Winnti Group, is a China-linked cyberespionage threat actor that has been active since at least 2007. Notable for its deployment of sophisticated malware such as ShadowPad and KEYPLUG, Barium has been implicated in numerous cyber atta
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Axiom threat actor was read from the document corpus below. This display is limited to 20 results.
Source (created at): Title

MITRE (a year ago): Games are over: Winnti is now targeting pharmaceutical companies
CERT-EU (9 months ago): SpiderOak demonstrates OrbitSecure communications with ISS
CERT-EU (7 months ago): Burning Umbrella: An Intelligence Report on the Winnti Umbrella and Associated State-Sponsored Attackers
CERT-EU (9 months ago): SpiderOak announces successful demonstration of OrbitSecure on International Space Station
CERT-EU (a year ago): Boulder County used opioid settlement money to buy controversial phone-hacking tools | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker - National Cyber Security
CERT-EU (a year ago): Opinion: Tina Peters’ ankle monitor fashion could spark a new look for the GOP
CERT-EU (a year ago): Diamond Model of Intrusion Analysis: A Quick Guide
MITRE (a year ago): Threat Spotlight: Group 72
CERT-EU (a year ago): Analysis of the ransomware landscape in May 2023 - 360CERT
CERT-EU (10 months ago): Experts attribute WyrmSpy and DragonEgg spyware to the Chinese APT41 group | IT Security News
Securityaffairs (10 months ago): Experts attribute WyrmSpy and DragonEgg spyware to the Chinese APT41 group
Recorded Future (4 months ago): What is the Diamond Model of Intrusion Analysis?
CERT-EU (5 months ago): Best of 2023: Diamond Model of Intrusion Analysis: A Quick Guide
CERT-EU (3 months ago): Hacking firm I-Soon data leak revealed Chinese gov hacking capabilities
CERT-EU (7 months ago): Cash management system market size to grow by USD 11.91 billion from 2023 to 2028, Growth driven by demand for real-time tracking of cash movement- Technavio
CERT-EU (a year ago): ABCDE co-sponsored a two-month ZK Hacker Camp with Starkware | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
Securityaffairs (9 months ago): Redfly group infiltrated an Asian national grid as long as six months
CERT-EU (3 months ago): Gen. Mark Milley’s Second Act: Multimillionaire
CERT-EU (3 months ago): Italy commissions study on space-based supercomputers
CERT-EU (9 months ago): SpiderOak's John Moberly: OrbitSecure Brings Data Protection Capabilities for Space Systems - ExecutiveBiz