Threat Management

New threat group naming scheme introduced by Microsoft

Microsoft has overhauled its cyber threat operation nomenclature systems, with hackers now being named after weather events, reports The Verge. Nation-state hacking groups will be named according to their country of origin, with Russian and Chinese attackers having the 'Blizzard' and 'Typhoon' monikers, respectively, while those from Iran and North Korea will be designated 'Sandstorm' and 'Sleet', respectively. Under the new naming scheme, Russian state-sponsored threat group Cozy Bear will now be tracked as Midnight Blizzard. Moreover, financially motivated threat operations will receive the 'Tempest' name, with the Lapsus$ hacking group now referred to as Strawberry Tempest. On the other hand, the 'Tsunami' name has been given to private sector offensive actors, while 'Flood' has been used to refer to influence operations. Meanwhile, new or unknown attackers will be given the 'Storm' designation along with a four-digit number. "We realize that other vendors in the industry also have unique naming taxonomies representing their distinct view of threats based on their intelligence. Therefore, we will strive to also include other threat actor names within our security products to reflect these analytic overlaps and help customers make well-informed decisions," said Microsoft Corporate Vice President of Threat Intelligence.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.