Group: Axiom, Group 72

From enterprise
Jump to: navigation, search
Axiom, Group 72
ID G0001
Aliases Axiom, Group 72

Axiom is a cyber espionage group suspected to be associated with the Chinese government. It is responsible for the Operation SMN campaign.1 Though both this group and Winnti Group use the malware Winnti, the two groups appear to be distinct based on differences in reporting on the groups' TTPs and targeting.234

Alias Descriptions

  • Axiom - 1
  • Group 72 - 5

Techniques Used

  • Data Obfuscation - The Axiom group has used other forms of obfuscation, include commingling legitimate traffic with communications traffic so that network streams appear legitimate. Some malware that has been used by Axiom also uses steganography to hide communication in PNG image files.1