Based on MSRT telemetry data, Hikit infections were primarily detected on computers located in the U.S., South Korea, Taiwan, Japan and the European Union. Affected organizations include Asian and Western government agencies, NGOs that deal with human rights and environmental policy, electronics and network equipment manufacturers, venture capital firms, media organizations, telecommunications firms, cloud computing providers and academic institutions.
"Axiom's actions targeting the above industries have fit in particularly well with China's strategic interests and with their most recent Five Year Plans accepted in 2006 and 2011," Novetta said. "The 12th Five Year Plan displays China's new direction of pursuing advanced technology and advanced R&D efforts. As China begins its shift away from dependence on foreign technology (specifically the US), more and more corporations and organizations may be targeted by Axiom, and/or other groups that receive the same or similar tasking, as the Chinese play catch up."
In the past few years, an increasing number of reports have suggested direct links between cyberespionage attacks and the Chinese government, especially China's People's Liberation Army. However, the Chinese government has repeatedly denied allegations that it is involved in cyberattacks against other governments and foreign companies.
The U.S. Department of Justice charged five supposed members of the Chinese People's Liberation Army in May for their roles in state-sponsored attacks that involved hacking into computers of U.S. companies to steal trade secrets. Chinese officials countered with their own accusations that the U.S. has hacked into Chinese government departments, companies and universities and that "China is a victim of severe U.S. cybertheft, wiretapping and surveillance activities."
Novetta's report is accompanied by detailed analyses of the malware used by the Axiom group, as well as hashes and detection signatures.