
Nessus Leverages Cybersecurity Coalition Research to Detect a Major Threat Actor

In a pioneering cooperative effort, several industry security leaders, including Tenable, have been working on a project led by Novetta Solutions to investigate, report on, and take action against the major threat actor group dubbed “Axiom.” According to Novetta, over the past six years, Axiom’s intelligence-gathering activities have impacted international private organizations primarily in the fields of telecommunications, security, and integrated circuits, and government agencies focusing on aerospace, humanitarian and environmental issues.

The cybersecurity coalition includes companies such as Bit9, Cisco, FireEye, F-Secure, iSIGHT Partners, Microsoft, Symantec, Tenable, ThreatConnect, ThreatTrack Security, and Volexity. The team coordinated months of remediation efforts against the malware and is now sharing detection and removal guidance. To date, the team has removed Axiom malware from over 43,000 customer systems, 180 of which included HiKit, the actor’s data exfiltration tool.

This coalition is the first of its kind to bring industry leaders together in a new paradigm of sharing technical information and taking proactive measures against a major security threat. The coalition collected and made available a very large sample set of Axiom malware. Tenable’s work with the coalition focused on examining the samples for the detection of remote network backdoors.

The Operation SMN: Axiom Threat Actor Group Report details the coalition’s key findings and guidance for the detection and remediation of the malware. 

Tenable’s Nessus vulnerability scanner already detects most of the families of malware used by Axiom. Nessus can also help customers detect Axiom attacks with the following plugins:

  • Remote detection of the HiKit backdoor client (plugin 78429)
  • Remote detection of Poison Ivy client (plugin 69320)
  • Remote detection of ZXShell client and C&C (plugin 78430)
