Microsoft has overhauled its threat actor naming taxonomy, with hacking groups now named after weather events, The Verge reports.
Nation-state hacking groups will be named according to their country of origin, with Russian and Chinese attackers having the 'Blizzard' and 'Typhoon' monikers, respectively, while those from Iran and North Korea will be designated 'Sandstorm' and 'Sleet', respectively. Under the new naming scheme, Russian state-sponsored threat group Cozy Bear will now be tracked as Midnight Blizzard.
Moreover, financially motivated threat operations will receive the 'Tempest' name, with the Lapsus$ hacking group now referred to as Strawberry Tempest. On the other hand, the 'Tsunami' name has been given to private sector offensive actors, while 'Flood' has been used to refer to influence operations.
Meanwhile, new or unknown attackers will be given the 'Storm' designation along with a four-digit number.
"We realize that other vendors in the industry also have unique naming taxonomies representing their distinct view of threats based on their intelligence. Therefore, we will strive to also include other threat actor names within our security products to reflect these analytic overlaps and help customers make well-informed decisions," said Microsoft's corporate vice president of threat intelligence.
SiliconAngle reports that mounting security alert fatigue has prompted Torq to introduce HyperSOC, a new system built on its Hyperautomation Platform that uses artificial intelligence to automate, manage and monitor security operations center response, with the aim of strengthening the investigation and remediation of cybersecurity threats.
Moldovan botnet operator Alexander Lefterov, also known as Alipatime, Alipako, and Uptime, has been indicted by the U.S. Department of Justice for his involvement in widespread attacks against U.S.-based computers, BleepingComputer reports.
CyberScoop reports that more than 100 Ukrainian local government and police documents uploaded to VirusTotal in February were found to be infected with the OfflRouter malware, which dates back to 2015 and can spread only through already infected documents and removable media.