'Forest Blizzard' vs 'Fancy Bear' - cyber companies hope to untangle weird hacker nicknames
Microsoft and CrowdStrike said they hoped to potentially bring other industry partners and the U.S. government into the effort to identify Who's Who in the murky world of digital espionage.
'We do believe this will accelerate our collective response and collective defense against these threat actors,' said Vasu Jakkal, corporate vice president, Microsoft Security.
How meaningful the effort ends up being remains to be seen.
Cybersecurity companies have long assigned coded names to hacking groups, as attributing hackers to a country or an organization can be difficult and researchers need a way to describe who they are up against.
Some names are dry and functional, like the 'APT1' hacking group exposed by cybersecurity firm Mandiant or the 'TA453' group tracked by Proofpoint. Others have more color and mystery, like the 'Earth Lamia' group tracked by TrendMicro or the 'Equation Group' uncovered by Kaspersky.
Crowdstrike's evocative nicknames - 'Cozy Bear' for a set of Russian hackers, or 'Kryptonite Panda' for a set of Chinese ones - have tended to be the most popular, and others have also adopted the same kind of offbeat monikers.
In 2016, for example, the company Secureworks - now owned by Sophos - began using the name "Iron Twilight" for the Russian hackers it previously tracked as "TG-4127." Microsoft itself recently revamped its nicknames, moving away from staid, element-themed ones like 'Rubidium' to weather-themed ones like 'Lemon Sandstorm' or 'Sangria Tempest.'
But the explosion of whimsical aliases has already led to overload. When the U.S. government issued a report about hacking attempts against the 2016 election, it sparked confusion by including 48 separate nicknames attributed to a grab bag of Russian hacking groups and malicious programs, including 'Sofacy,' 'Pawn Storm,' 'CHOPSTICK,' 'Tsar Team,' and 'OnionDuke.'
Michael Sikorski, the chief technology officer for Palo Alto's threat intelligence unit, said the initiative was a 'game-changer.'
'Disparate naming conventions for the same threat actors create confusion at the exact moment defenders need clarity,' he said.
Juan-Andres Guerrero-Saade, a top researcher at the cybersecurity firm SentinelOne, was skeptical of the effort, saying the cold reality of the cybersecurity industry was that companies hoarded information.
Unless that changed, he said, "this is branding-marketing-fairy dust sprinkled on top of business realities."
But CrowdStrike Senior Vice President of counter adversary operations, Adam Meyers, said the move had already delivered a win by helping his analysts connect a group Microsoft called 'Salt Typhoon' with one CrowdStrike dubbed 'Operator Panda.'
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
CNA
11 hours ago
- CNA
Canadian government moves to end Air Canada strike, seeks binding arbitration
OTTAWA: The Canadian government on Saturday (Aug 16) moved to end a strike by Air Canada 's cabin crews and require binding arbitration to break their contract impasse, an action that the country's largest carrier had sought but unionized flight attendants fiercely opposed. Thousands of Air Canada flight attendants walked off the job just before 1am ET (1pm, Singapore time), after months of negotiations over a new contract. In anticipation of the stoppage, the airline canceled nearly all of its 700 daily flights, forcing more than 100,000 travelers to scramble for alternatives or stay put. The most contentious issue in the contract negotiations has been the union's demand for compensation for time spent on the ground between flights and when helping passengers board. Attendants are currently paid only when their plane is moving. Jobs Minister Patty Hajdu said at a news conference she had asked the Canada Industrial Relations Board to impose binding arbitration on both sides and order an immediate end to the strike. Still, it may take days before the board grants the request and for the airline to fully restore its operations. "This is not a decision that I've taken lightly, but the potential for immediate negative impact on Canadians and our economy is simply too great," Hajdu said. Air Canada had asked Prime Minister Mark Carney's minority Liberal government to make the request, but the Canadian Union of Public Employees said it wanted a negotiated solution, as binding arbitration would take pressure off the airline. The minister said the government preferred negotiated settlements to labor disputes, but the current impasse showed the two sides would not find a solution soon enough to spare the economy further damage. She said Canada had already experienced "unprecedented attacks on trade," referring to tariffs imposed by the Trump administration on US-bound shipments. Minutes after the announcement, CUPE blasted the government's decision. "The Liberal government is rewarding Air Canada's refusal to negotiate fairly by giving them exactly what they wanted," it said in a statement posted on X. Henly Larden, an Air Canada flight attendant and a vice-president at CUPE, called the government's move "incredibly disgusting." "Air Canada should come and join us in good faith and address the matters that really resonate with our members,' a visibly emotional Larden said in a shaken voice at Vancouver airport. Air Canada had no immediate comment about Hajdu's decision, saying "it is premature to comment as the CIRB process is underway." CUPE spokesperson Hugh Pouliot told Reuters that the strike will end only when the CIRB issues binding arbitration notice to the parties, which could take a few days. Air Canada also said it was premature to comment about restarting the airline. Earlier it indicated it would take four to five days to resume full operations, Hajdu said, assuming the board granted the government's request, which it usually does. While passengers have generally voiced support for the flight attendants on social media, Canadian businesses, already reeling from a trade dispute with the US, have urged the federal government to impose binding arbitration and cut short the strike. "With both parties declaring an impasse in negotiations, with valuable cargo grounded and passengers stranded, the government made the right decision to refer the two sides to binding arbitration," Matthew Holmes, chief of public policy for the Canadian Chamber of Commerce, said in a statement. WAGE DISPUTE While the most contentious topic was compensation for time spent on the ground, there was also disagreement over broader wage issues. The carrier had offered a 38 percent increase in total compensation for flight attendants over four years, with a 25 percent raise in the first year, which CUPE said was insufficient. The union has said Air Canada offered to compensate flight attendants for some work that is now unpaid at 50 percent of their hourly rate. A source close to the negotiations told Reuters the union was looking for parity on wages with Canadian leisure carrier Air Transat. Its flight attendants approved a contract last year that provided for total compounded increases of 30 percent over five years, making them the highest paid in the industry in Canada. Air Canada did not confirm if such a proposal had been put forth by the union. Wesley Lesosky, president of the Air Canada component of CUPE, said in a press conference in Toronto earlier on Saturday that there were no bargaining sessions scheduled between the two sides, which have held on-and-off negotiations for months. Earlier in the day outside Toronto Pearson International Airport, the country's busiest, hundreds of cabin crew waved flags, banners and picket signs. Union officials called on members to assemble outside all of the country's major airports, including in Toronto, Montreal, Calgary and Vancouver. Montreal-based Air Canada had said the suspended flights included those operated by its budget arm, Air Canada Rouge. Flights by Air Canada's regional affiliates - Air Canada Jazz and PAL Airlines - were operating as usual. Hajdu told reporters she had also asked the country's industrial relations board to extend the terms of the existing collective agreement until a new one is determined by the arbitrator. The Canada Labour Code gives the government the right to ask the industrial relations board to impose binding arbitration in the interests of protecting the economy.
CNA
a day ago
- CNA
OpenAI staff looking to sell $6 billion in stock to SoftBank, others, source says
Current and former employees of OpenAI are looking to sell nearly $6 billion worth of the ChatGPT maker's shares to investors including SoftBank Group and Thrive Capital, a source familiar with the matter told Reuters on Friday. The potential deal would value the company at $500 billion, up from $300 billion currently, underscoring both OpenAI's rapid gains in users and revenue, as well as the intense competition among artificial intelligence firms for talent. SoftBank, Thrive and Dragoneer Investment Group did not immediately respond to requests for comment. All three investment firms are existing OpenAI investors. Bloomberg News, which had earlier reported the development, said discussions are in early stages and the size of the sale could change. The secondary share sale investment adds to SoftBank's role in leading OpenAI's $40 billion primary funding round. Bolstered by its flagship product ChatGPT, OpenAI doubled its revenue in the first seven months of the year, reaching an annualized run rate of $12 billion, and is on track to reach $20 billion by the end of the year, Reuters reported earlier in August.
CNA
a day ago
- CNA
Meta plans fourth restructuring of AI efforts in six months, The Information reports
Meta is planning its fourth overhaul of artificial intelligence efforts in six months, The Information reported on Friday, citing three people familiar with the matter. The company is expected to divide its new AI unit, Superintelligence Labs, into four groups: a new "TBD Lab," short for to be determined; a products team including the Meta AI assistant; an infrastructure team; and the Fundamental AI Research (FAIR) lab focused on long-term research, the report said, citing two people. Meta did not immediately respond to a request for comment. Reuters could not independently verify the report. As Silicon Valley's AI contest intensifies, CEO Mark Zuckerberg is going all-in to fast-track work on artificial general intelligence — machines that can outthink humans — and help create new cash flows. Meta recently reorganized the company's AI efforts under Superintelligence Labs, a high-stakes push that followed senior staff departures and a poor reception for Meta's latest open-source Llama 4 model. The social media giant has tapped U.S. bond giant PIMCO and alternative asset manager Blue Owl Capital to spearhead a $29 billion financing for its data center expansion in rural Louisiana, Reuters reported earlier this month. In July, Zuckerberg said Meta would spend hundreds of billions of dollars to build several massive AI data centers. The company raised the bottom end of its annual capital expenditures forecast by $2 billion, to a range of $66 billion to $72 billion last month. Rising costs to build out data center infrastructure and employee compensation costs — as Meta has been poaching researchers with mega salaries — would push the 2026 expense growth rate above the pace in 2025, the company has said.
