← All Threat Actors
Threat Actor Profile

Axiom

G0001 Group 72
▲ High Threat
[Axiom](https://attack.mitre.org/groups/G0001) is a suspected Chinese cyber espionage group that has targeted the aerospace, defense, government, manufacturing, and media sectors since at least 2008. Some reporting suggests a degree of overlap between [Axiom](https://attack.mitre.org/groups/G0001) and [Winnti Group](https://attack.mitre.org/groups/G0044) but the two groups appear to be distinct based on differences in reporting on TTPs and targeting.(Citation: Kaspersky Winnti April 2013)(Citation: Kaspersky Winnti June 2015)(Citation: Novetta Winnti April 2015)
Origin

Known TTPs

Steganography
Data from Local System
Archive Collected Data
Botnet
Drive-by Compromise
Subvert Trust Controls
Remote Desktop Protocol
DNS Server
Exploitation for Client Execution
Valid Accounts
Virtual Private Server
RDP Hijacking
Accessibility Features
Phishing
Exploit Public-Facing Application
OS Credential Dumping

External Resources

CISA Advisories ↗

Related Intelligence

Hacking the mainframe…

LINK COPIED TO CLIPBOARD