New Chinese Cyber-Espionage Group Exposed
Beyond the number of systems Axiom has managed to infiltrate, the group is notable for the swath it has cut across the digital world in its espionage efforts. According to the report by Novetta, Axiom has attacked Fortune 500 companies, human rights organizations, software companies, journalists, academic institutions and government agencies.
Private Sector Goes on Offense
The report represents the first privately sponsored interdiction against a state-sponsored threat, according to Novetta. "A coordinated effort across the private sector can have [a] quantifiable impact on state-sponsored threat actors," it said in its paper announcing the findings.
The effort to unmask Axiom, which Novetta refers to as "Operation SMN", was a coordinated effort among a variety of private tech companies, including Microsoft, Symantec, Cisco and others. The coalition said Axiom appeared to have been responsible for an attack on Google's servers in 2010 that targeted company source code along with information about Chinese dissidents.
Novetta said the coalition also had discovered that Axiom has been active for the last six years, and seems to be particularly well trained and skilled. The group is able to generate multiple points of attack for greater flexibility, and is adept at hiding its tracks within normal network traffic to make discovery more difficult.
It also routinely changes the hacking tools it uses, making it more difficult to defend against. The hacking group is more sophisticated than the People's Liberation Army Unit 61398, another hacking group supported by the Chinese military, Novetta said. Unlike Unit 61398, Axiom also focuses on Chinese political dissidents and pro-democracy organizations, in addition to industrial espionage and stealing intellectual property.
Multiple Industries Targeted
Despite Axiom's formidable abilities, the coalition said it was able to effectively counter the group through a global disruption and degradation campaign. Novetta and its partners succeeded in removing Axiom's tools from more than 43,000 computers.
"The unified approach developed within Operation SMN, which united multiple perspectives and capabilities across private industry, provides the highest level of visibility and establishes the foundation necessary to effectively counter a threat of this nature," Novetta said. However, while the location of Unit 61398 was eventually tracked down to a single 12-story building by Internet security company Mandiant, the Novetta coalition has so far been unable to pinpoint Axiom's headquarters.
The organization responsible for directing Axiom appears to be targeting specific industries, including electronics and integrated circuit manufacturers, networking equipment manufacturers, Internet-based services companies, software vendors (particularly in the Asia-Pacific region), law firms with an international or M&A footprint, telecom companies, manufacturing conglomerates, venture capital firms, energy companies, meteorological services companies, cloud computing providers and pharmaceutical manufacturers.
A spokesperson for the Chinese embassy dismissed the report's claims as "fictitious."