Axiom
Aliases: Group 72
Axiom is a suspected Chinese cyber espionage group that has targeted the aerospace, defense, government, manufacturing, and media sectors since at least 2008. Some reporting suggests a degree of overlap between Axiom and Winnti Group, but the two groups appear to be distinct based on differences in reporting on TTPs and targeting.
ATT&CK techniques
T1001.002 Steganography
T1005 Data from Local System
T1560 Archive Collected Data
T1584.005 Botnet
T1189 Drive-by Compromise
T1553 Subvert Trust Controls
T1021.001 Remote Desktop Protocol
T1583.002 DNS Server
T1203 Exploitation for Client Execution
T1078 Valid Accounts
T1583.003 Virtual Private Server
T1563.002 RDP Hijacking
T1546.008 Accessibility Features
T1566 Phishing
T1190 Exploit Public-Facing Application
T1003 OS Credential Dumping
T1001 Data Obfuscation