An alliance of security researchers has identified a sophisticated cyber espionage group, claimed to be backed by Chinese government, which has not only been targeting US and Western government agencies but also dissidents within and outside China.
The latest ‘Operation SMN: Axiom Threat Actor Group Report’ comes before Secretary of State John F. Kerry and President Obama are set to visit Beijing for a highlevel talks including contentious issues related to cybersecurity.
Dubbed Axiom, the group has been mainly targeting intelligence that benefits Chinese domestic and international policies, including snooping on dissidents; industrial espionage and stealing intellectual property.
The report claims Axiom as a well resourced, disciplined, and complicated subgroup of a major cyber intelligence group that has been effectively managing activities for more than six years.
The report was prepared by a group led by Novetta, and the coalition includes other security firms like Bit9, Cisco, FireEye, F-Secure, iSIGHT Partners, Microsoft, Tenable, ThreatConnect, ThreatTrack Security, Volexity and other partners.
Novetta CEO Peter LaMontagne said: "This coordinated effort by security industry leaders is the first of its kind and has had a quantifiable impact on state-sponsored threat actors.
"The Axiom threat group is a well resourced, disciplined, and sophisticated cyber espionage group operating out of mainland China.
"Through this initiative, we provided tools and technical assistance via the coalition on a large scale that will not only better protect coalition customers but also force Axiom to use new exploits and thereby spend more resources.
"Coalescing multiple industry perspectives and technical capabilities provided the highest level of visibility we have ever seen in such an effort and established the foundation to deliver the intended effects against a threat of this nature."
Further, FBI noted that Axiom’s effort is more sophisticated compared to People’s Liberation Army hacker unit, Unit 61398.
The research alliance detected and removed Axiom malicious code been from 43,000 computers used by law enforcement and other government agencies; journalists; telecommunication; and energy firms; and human rights and pro-democracy groups.
Further, the report indicates that Axiom may be responsible for a high-profile cyber attack on Google in 2010.
Recently, a coalition of US security firms launched ‘Operation SMN’ targeted the backdoor malware Hikit, which is used by several Chinese hacking groups to remotely access computers to upload malware and send instructions.
