Friday, July 27, 2018

Axiom APT, 3 Minute Profile

Since 2009, this group has been targeting networks in a broad range of sectors that possess confidential or classified information. Axiom campaigns share infrastructure, malware, or attack techniques with Operation Aurora (2009), the Elderwood Project (2009-2014), the VOHO campaign (2012), the Shell_Crew attacks on ColdFusion servers (2013), Operation Ephemeral Hydra (2013), Operation Snowman (2014), and the 2014 attacks on American Middle Eastern policy think tanks. Axiom could be connected to some of these other groups; however, it is more likely that Axiom opportunistically adopts zero-day exploits or malware that have proven effective in other campaigns. It is possible that Axiom acquires its malware on the deepnet or through underground trade. The group is likely Chinese state sponsored, but there are no definitive links connecting it to the Third Department, which houses China's offensive threat groups Putter Panda and APT1. Axiom malware was configured to use simplified Chinese language settings, and some of the filenames are in Chinese. The group is more sophisticated in its operations than the aforementioned Third Department groups.

apt17
