Group: Axiom, Group 72

Type: Group
ID: G0001
Aliases: Axiom, Group 72

Axiom is a cyber espionage group suspected to be associated with the Chinese government.[1] It is responsible for the Operation SMN campaign.[1] Though both this group and Winnti Group use the malware Winnti, the two groups appear to be distinct based on differences in reporting on the groups' TTPs and targeting.[2][3][4]

Alias Descriptions

  • Group 72 [5]

Techniques Used

  • Accessibility Features - Axiom actors have been known to use the Sticky Keys replacement within RDP sessions to obtain persistence.[1]
  • Data Obfuscation - Some malware that has been used by Axiom uses steganography to hide communication in PNG image files.[1]
  • Data Obfuscation - The Axiom group has used other forms of obfuscation, including commingling legitimate traffic with communications traffic so that network streams appear legitimate.[1]
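
The Sticky Keys replacement listed under Accessibility Features above can be checked for from the defender's side with host inventory data. The following is an added example, not code from ATT&CK or from any of the cited reports: it runs two checks over constructed inventory records (the `FileRecord` and `RegistryValue` classes, the `find_accessibility_hijacks` function and the hash values are all assumptions made for this example). The first check flags an accessibility binary whose file hash equals that of a command shell, which is what a Sticky Keys replacement looks like on disk. The second check goes slightly beyond the page and also flags an Image File Execution Options "Debugger" value set on an accessibility binary, the registry variant of the same technique that the ATT&CK technique entry documents.

```python
"""Detection for Accessibility Features hijacks (Sticky Keys replacement).

Added example (not ATT&CK code). It works over constructed inventory records so
it runs offline; a real deployment would feed it file hashes and registry
values collected from hosts by an EDR agent or a scheduled inventory script.
"""
from __future__ import annotations

from collections.abc import Iterable
from dataclasses import dataclass

# Windows accessibility helpers that run from the logon screen with SYSTEM rights.
ACCESSIBILITY_BINARIES = {
    "sethc.exe", "utilman.exe", "osk.exe", "narrator.exe",
    "magnify.exe", "displayswitch.exe", "atbroker.exe",
}
# Shells an attacker swaps in for one of the binaries above.
SHELL_BINARIES = {"cmd.exe", "powershell.exe"}
# Registry key under which a "Debugger" value redirects a binary to another program.
IFEO_PREFIX = (
    "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\"
    "Image File Execution Options\\"
).lower()


@dataclass(frozen=True)
class FileRecord:
    path: str    # full path as inventoried
    sha256: str  # hex digest of the file contents


@dataclass(frozen=True)
class RegistryValue:
    key: str   # full key path
    name: str  # value name
    data: str  # value data


def _basename(path: str) -> str:
    """Lower-cased file name from a Windows or POSIX style path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def find_accessibility_hijacks(files: Iterable[FileRecord],
                               reg_values: Iterable[RegistryValue]) -> list[tuple[str, str, str]]:
    """Return (finding_kind, accessibility_binary, detail) tuples.

    binary_replaced: an accessibility binary has the same hash as a shell.
    ifeo_debugger:   an IFEO Debugger value is set on an accessibility binary.
    """
    files = list(files)
    findings: list[tuple[str, str, str]] = []

    # Check 1: hash of an accessibility binary equals the hash of a shell binary.
    shell_hashes = {f.sha256.lower(): _basename(f.path)
                    for f in files if _basename(f.path) in SHELL_BINARIES}
    for f in files:
        name = _basename(f.path)
        if name in ACCESSIBILITY_BINARIES and f.sha256.lower() in shell_hashes:
            findings.append(("binary_replaced", name,
                             f"hash matches {shell_hashes[f.sha256.lower()]}"))

    # Check 2: IFEO Debugger value on an accessibility binary.
    for v in reg_values:
        key = v.key.lower()
        if key.startswith(IFEO_PREFIX) and v.name.lower() == "debugger":
            target = key[len(IFEO_PREFIX):].split("\\")[0]
            if target in ACCESSIBILITY_BINARIES:
                findings.append(("ifeo_debugger", target, v.data))
    return findings


# Constructed sample inventory; the hashes are made-up placeholders, not real digests.
SAMPLE_FILES = [
    FileRecord(r"C:\Windows\System32\cmd.exe", "aaaa1111"),
    FileRecord(r"C:\Windows\System32\sethc.exe", "aaaa1111"),    # same hash as cmd.exe: swapped
    FileRecord(r"C:\Windows\System32\utilman.exe", "bbbb2222"),  # benign
    FileRecord(r"C:\Windows\System32\osk.exe", "cccc3333"),      # benign
]
SAMPLE_REG = [
    RegistryValue(r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utilman.exe",
                  "Debugger", r"C:\Windows\System32\cmd.exe"),          # hijack
    RegistryValue(r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe",
                  "Debugger", r"C:\Tools\dbg.exe"),                      # not an accessibility binary
    RegistryValue(r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\osk.exe",
                  "DisableExceptionChainValidation", "0"),               # not a Debugger value
]

if __name__ == "__main__":
    for kind, binary, detail in find_accessibility_hijacks(SAMPLE_FILES, SAMPLE_REG):
        print(f"{kind}: {binary} ({detail})")
```

Against the sample data the detector reports `sethc.exe` as replaced (hash matches `cmd.exe`) and `utilman.exe` as redirected through an IFEO Debugger value, and ignores the two benign registry entries. Comparing against a shell's hash catches the plain file swap without needing a catalog of known-good hashes; an inventory that also records Windows servicing dates or Authenticode signature status would let the same check flag an accessibility binary that is merely unsigned or modified.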

Software