Axiom: A Highly Sophisticated Cyber Espionage Group



Axiom is a highly sophisticated, suspected Chinese cyber espionage group. It has targeted aerospace, defense, government, media, and manufacturing organizations since 2008. It resembles the Winnti group, but the two appear to be distinct based on their TTPs and targeting. It has attacked organizations in North America, Europe, and East and Southeast Asia.


Some of the main characteristics of the Axiom hacker group are as follows:

  • They use spear phishing to gain access, along with the Adobe Ghost, Poison Ivy, and Torn RAT malware families.

  • This group has been active since at least 2008 and is assessed to be backed by the Chinese government. It uses much of the same malware seen in Chinese government operations, indicating some form of collaboration.

  • It is able to leverage publicly available tools. It starts by tricking victims with phishing emails, then deploys malware such as the Ghost RAT trojan to maintain persistence on the compromised network.

  • It makes extensive use of compromised websites and web servers in its attacks. It draws on a large cache of tools in its campaigns, including exploits for known, CVE-listed software vulnerabilities.

  • Once inside, it collects usernames and passwords with its credential-harvesting tools. With those credentials it can reach almost anything on the network and move laterally through the environment to ultimately steal confidential data.


To withstand such attacks, an organization needs a mature cybersecurity program. It should include advanced security solutions, email and web content filtering, antivirus, and threat hunting. A Zero Trust model, multifactor authentication, defense in depth, and similar controls are a must to prevent Axiom intrusions and mitigate the potential damage they cause.


Axiom poses a serious threat to government organizations in many countries. However, it is not impossible to stop or mitigate its attacks. Making full use of advanced anti-threat technologies can help identify and hunt its malware and spyware. Regular training of employees on the various threat actors, together with regular network checkups, is of great help in defending against it.

To know more, read: Axiom

