Axiom is a cyber espionage group suspected to be associated with the Chinese government. It is responsible for the Operation SMN campaign.  Though both this group and Winnti Group use the malware Winnti, the two groups appear to be distinct based on differences in reporting on the groups' TTPs and targeting.   
|Enterprise||T1015||Accessibility Features||Axiom actors have been known to use the Sticky Keys replacement within RDP sessions to obtain persistence.|
|Enterprise||T1003||Credential Dumping||Axiom has been known to dump credentials.|
|Enterprise||T1001||Data Obfuscation||The Axiom group has used other forms of obfuscation, include commingling legitimate traffic with communications traffic so that network streams appear legitimate. Some malware that has been used by Axiom also uses steganography to hide communication in PNG image files.|
|Enterprise||T1190||Exploit Public-Facing Application||Axiom has been observed using SQL injection to gain access to systems.|
|Enterprise||T1076||Remote Desktop Protocol||The Axiom group is known to have used RDP during operations.|
- Novetta. (n.d.). Operation SMN: Axiom Threat Actor Group Report. Retrieved November 12, 2014.
- Kaspersky Lab's Global Research and Analysis Team. (2013, April 11). Winnti. More than just a game. Retrieved February 8, 2017.
- Tarakanov, D. (2015, June 22). Games are over: Winnti is now targeting pharmaceutical companies. Retrieved January 14, 2016.