The Axiom group is a Chinese, potentially state-sponsored, threat actor that compromises systems containing information of value to advancing China’s 12th Five Year Plan. It was investigated in the October 2014 Operation SMN, a joint operation between private firms led by Novetta, which released information on the group and led to the removal of Axiom malware from over 43,000 systems.
Since 2009, this group has been targeting networks in a broad range of sectors that possess confidential or classified information. Axiom campaigns share infrastructure, malware, or attack techniques with Operation Aurora (2009), the Elderwood Project (2009-2014), the VOHO campaign (2012), the Shell_Crew attacks on ColdFusion servers (2013), Operation Ephemeral Hydra (2013), Operation Snowman (2014), and 2014 attacks on American Middle Eastern policy think tanks. Axiom could be connected to some of these other groups; however, it is more likely that Axiom opportunistically adopts zero-day exploits or malware that have proven effective in other campaigns. It is possible that Axiom acquires its malware on the deepnet or through underground trade.