Axiom

Threat Actor Profile Updated 3 months ago
Axiom is a recognized threat actor, also referred to as a hacking team, that has been associated with malicious activity. The group has ties to the Chinese intelligence apparatus and has operated under various names, including Winnti, PassCV, APT17, LEAD, BARIUM, Wicked Panda, and GREF. The naming conventions for these groups were established by cybersecurity companies such as Kaspersky Lab and Symantec in their 2013/2014 reports.

Axiom, like other groups, relies on external resources, as described by the diamond model of intrusion analysis, which holds that any intrusion event requires one or more external resources to succeed. The APT41 group, another alias for Axiom, has been active since at least 2007 and is linked to significant cyberespionage activity originating from China. The group has demonstrated its capabilities by exploiting various infrastructure and targets to achieve its goals. Its activity aligns with the primary axiom of the intrusion analysis model: every intrusion event involves an adversary using specific capabilities over infrastructure against a victim to produce a result.

In recent developments, the name "Axiom" has also been associated with non-malicious entities. For instance, Axiom Space, a company unrelated to the threat actor, announced plans to build and launch an orbital datacenter to support missions aboard its commercial space station; retired Gen. John W. “Jay” Raymond joined its board of directors. Axiom Armored is likewise listed as a key player in the cash management system market. These entities should be distinguished from the threat actor Axiom to avoid confusion.
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names and profiles you may also want to look at.
Profile (votes): description

Winnti (3 votes): Winnti is a sophisticated threat actor group, first identified by Kaspersky in 2013, with activities dating back to at least 2007. The group has been associated with the Chinese nation-state and is part of a collective known as APT41, which also includes subgroups like Wicked Panda, Suckfly, and Bar

APT41 (2 votes): APT41, also known as Winnti, Wicked Panda, and Wicked Spider, is a sophisticated threat actor attributed to China. This group has been active since at least 2012, targeting organizations across 14 countries. The group is known for its extensive use of various code families and tools, with at least 4

Barium (2 votes): Barium, also known as BRONZE ATLAS and part of the APT41 collective, is a China-linked cyberespionage group that has been active since at least 2007. It is associated with several other subgroups, including Wicked Panda, Winnti, Suckfly, and Blackfly. This threat actor has been responsible for vario

GREF (1 vote): GREF, a China-aligned Advanced Persistent Threat (APT) group, has been identified as the orchestrator of two active Android malware campaigns. The campaigns have been distributing a malicious software called BadBazaar via two applications, Signal Plus Messenger and FlyGram, through the Google Play s
Miscellaneous Associations
Other elements of context that could help in assessing relevance:
Malware
Espionage
Aws
Associated Malware
Profile (type, votes): description

Cerberus (Unspecified, 1 vote): Cerberus is a type of malware, a harmful software designed to exploit and damage systems. It has been found to be associated with various platforms and versions of Siemens Cerberus PRO UL, including the Compact Panel FC922/924 and the Engineering Tool, all versions prior to MP4. Additionally, Cerber
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Axiom threat actor was read from the document corpus below. This display is limited to 20 results.
Source, created at: title

CERT-EU, 5 months ago: Gen. Mark Milley’s Second Act: Multimillionaire
CERT-EU, 5 months ago: Hacking firm I-Soon data leak revealed Chinese gov hacking capabilities
CERT-EU, 5 months ago: Italy commissions study on space-based supercomputers
Recorded Future, 6 months ago: What is the Diamond Model of Intrusion Analysis?
CERT-EU, 7 months ago: Best of 2023: Diamond Model of Intrusion Analysis: A Quick Guide
CERT-EU, 9 months ago: Burning Umbrella: An Intelligence Report on the Winnti Umbrella and Associated State-Sponsored Attackers
CERT-EU, 9 months ago: Cash management system market size to grow by USD 11.91 billion from 2023 to 2028, growth driven by demand for real-time tracking of cash movement - Technavio
Securityaffairs, 10 months ago: Redfly group infiltrated an Asian national grid for as long as six months
CERT-EU, a year ago: SpiderOak's John Moberly: OrbitSecure Brings Data Protection Capabilities for Space Systems - ExecutiveBiz
CERT-EU, a year ago: SpiderOak demonstrates OrbitSecure communications with ISS
CERT-EU, a year ago: SpiderOak announces successful demonstration of OrbitSecure on International Space Station
CERT-EU, a year ago: Experts attribute WyrmSpy and DragonEgg spyware to the Chinese APT41 group | IT Security News
Securityaffairs, a year ago: Experts attribute WyrmSpy and DragonEgg spyware to the Chinese APT41 group
CERT-EU, a year ago: ABCDE co-sponsored a two-month ZK Hacker Camp with Starkware | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
CERT-EU, a year ago: Analysis of ransomware trends in May 2023 - 360CERT
MITRE, a year ago: Threat Spotlight: Group 72
MITRE, a year ago: Games are over: Winnti is now targeting pharmaceutical companies
CERT-EU, a year ago: Boulder County used opioid settlement money to buy controversial phone-hacking tools | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker - National Cyber Security
CERT-EU, a year ago: Diamond Model of Intrusion Analysis: A Quick Guide
CERT-EU, a year ago: Opinion: Tina Peters’ ankle monitor fashion could spark a new look for the GOP