Axiom is a cyber espionage group suspected to be associated with the Chinese government. It is responsible for the Operation SMN campaign.  Though both this group and Winnti Group use the malware Winnti, the two groups appear to be distinct based on differences in reporting on the groups' TTPs and targeting.   
Associated Group Descriptions
The Axiom group has used other forms of obfuscation, include commingling legitimate traffic with communications traffic so that network streams appear legitimate. Some malware that has been used by Axiom also uses steganography to hide communication in PNG image files.
|Enterprise||T1190||Exploit Public-Facing Application|
|Enterprise||T1076||Remote Desktop Protocol|
- Novetta. (n.d.). Operation SMN: Axiom Threat Actor Group Report. Retrieved November 12, 2014.
- Kaspersky Lab's Global Research and Analysis Team. (2013, April 11). Winnti. More than just a game. Retrieved February 8, 2017.
- Tarakanov, D. (2015, June 22). Games are over: Winnti is now targeting pharmaceutical companies. Retrieved January 14, 2016.
- Novetta Threat Research Group. (2015, April 7). Winnti Analysis. Retrieved February 8, 2017.
- Esler, J., Lee, M., and Williams, C.. (2014, October 14). Threat Spotlight: Group 72. Retrieved January 14, 2016.
- Allievi, A., et al. (2014, October 28). Threat Spotlight: Group 72, Opening the ZxShell. Retrieved September 24, 2019.