'Midnight Blizzard', 'Cozy Bear' and more ...How Microsoft, Google and other tech companies plans to untangle weird hacker nicknames
Palo Alto Networks
have announced that they will create a public glossary for
state-sponsored hacking groups
and cybercriminals. The goal is to reduce confusion caused by numerous unofficial nicknames for these entities.
Microsoft
and CrowdStrike expressed hopes of involving other industry partners and the US government in this effort to identify threat actors.
"We do believe this will accelerate our collective response and collective defense against these threat actors," stated Vasu Jakkal, corporate vice president at Microsoft Security.
Why it matters for US government and researchers
Cybersecurity companies
have long assigned coded names to hacking groups because attributing digital attacks can be difficult. Researchers need a way to track their adversaries.
These names vary from functional, like "APT1" (Mandiant) or "TA453" (Proofpoint), to more colorful aliases such as "Earth Lamia" (TrendMicro) or "Equation Group" (Kaspersky). CrowdStrike's evocative names, like "
Cozy Bear
" for Russian hackers and "Kryptonite Panda" for Chinese groups, have been particularly popular, leading others to adopt similar styles. For example, Secureworks (now owned by Sophos) began using "Iron Twilight" for Russian hackers previously known as "TG-4127" in 2016.
Microsoft also recently changed its naming convention from element-themed names like "Rubidium" to weather-themed ones such as "Lemon Sandstorm" or "Sangria Tempest."
"But the same actor that Microsoft refers to as Midnight Blizzard might be referred to as Cozy Bear, APT29, or UNC2452 by another vendor. Our mutual customers are always looking for clarity. Aligning the known commonalities among these actor names directly with peers helps to provide greater clarity and gives defenders a clearer path to action," Jakkal said.
However, the proliferation of these unique aliases has created overload. A 2016 U.S. government report on hacking attempts against the election caused confusion by using 48 different nicknames for various Russian hacking groups and malicious programs, including "Sofacy," "Pawn Storm," and "Tsar Team."
Michael Sikorski, CTO for Palo Alto's threat intelligence unit, called the initiative a "game-changer," noting, "Disparate naming conventions for the same threat actors create confusion at the exact moment defenders need clarity."
Adam Meyers, CrowdStrike's senior vice president of Counter Adversary Operations, highlighted an early success. He reported that the initiative already helped his analysts link a group Microsoft named "Salt Typhoon" with CrowdStrike's "Operator Panda."
5 biggest AI announcements at Microsoft Build 2025
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Indian Express
10 minutes ago
- Indian Express
Trump hoping to achieve halt to Ukraine fighting in Putin talks, Rubio says
US President Donald Trump will go into talks with Russian President Vladimir Putin in Alaska on Friday hoping to achieve a halt to the fighting in Ukraine, but a comprehensive solution to the war will take longer, U.S. Secretary of State Marco Rubio said. 'To achieve a peace, I think we all recognize that there'll have to be some conversation about security guarantees. There'll have to be some conversation about … territorial disputes and claims, and what they're fighting over,' Rubio told reporters at the State Department on Thursday. 'All these things will be part of a comprehensive thing. But I think the President's hope is to achieve some stoppage of fighting so that those conversations can happen.' Rubio said that the longer wars go on, the harder they are to end. 'And even as I speak … there are changes happening in the battlefield which have an impact on what one side views as leverage or the other. So that's the reality of ongoing fighting, which is why a ceasefire is so critical,' he said. 'But we'll see what's possible tomorrow. Let's see how the talks go. And we're hopeful. We want there to be a peace. We're going to do everything we can to achieve one, but ultimately it'll be up to Ukraine and Russia to agree to one.' Rubio said preparations for the meeting were going 'very fast,' as it had been put together very quickly. He said he believed Trump had spoken by phone to Putin four times and 'felt it was important to now speak to him in person and look him in the eye and figure out what was possible and what isn't.' 'He sees an opportunity to talk about achieving peace. He's going to pursue it, and we'll know tomorrow at some point, as the President said, probably very early in that meeting, whether something is possible or not. We hope it is.'
The Hindu
10 minutes ago
- The Hindu
India ‘fully engaged' with U.S. on trade deal, says Commerce Secretary
India continues to be 'fully engaged' with the U.S. on a Bilateral Trade Agreement, Commerce Secretary Sunil Barthwal said on Thursday, however adding that the date for the next round of negotiations has not yet been decided. He reiterated the deadline for the deal as fall 2025, or September-October 2025, as announced by Prime Minister Narendra Modi and U.S. President Donald Trump. Official sources have also confirmed that India was working with both the U.K. and the EU to fast-track the implementation of the respective trade deals India was concluding with them. During the Indian team's visit to Washington in July to continue negotiations on the deal, it had been decided that the next round would take place in New Delhi during the last week of August. However, a lot has changed since then. US President Donald Trump on July 31 approved a 25% tariff on imports from India, and then on August 6 approved an additional 25% tariffs as a 'penalty' for India's imports of Russian oil. Mr. Trump has also indicated that further negotiations would not take place until the Russia oil issue was resolved. Against this backdrop of uncertainty, Mr. Barthwal said that negotiations on the BTA were still progressing. Negotiations progressing 'We are fully engaged with the U.S. on the trade negotiations,' Mr. Barthwal said at a press briefing. 'There was a joint statement that was given by the U.S. President and our Prime Minister where it was said India and the U.S. would engage in a bilateral trade agreement and simultaneously we would also aim to more than double our trade to $500 billion.' 'Those talks are going on,' he added. 'The BTA talks are going on. We are engaged.' However, Mr. Barthwal added that the final date for the next round of negotiations would be decided closer to the last week of August. According to official sources who declined to be named, the negotiations and engagement between India and the U.S. was taking place at different levels. 'One level is at the negotiating team' level, another one happens at the Ministers' level, the third happens at the diplomatic levels, and we also engage the different industries of the U.S. to look into their issues,' the official explained. Other deals being fast-tracked The India-United Kingdom Comprehensive Economic and Trade Agreement (CETA), signed in July, is now in the final stage where the UK is concluding its due processes in its Parliament. 'We have requested the UK to fast-track this process so it comes into force as early as possible,' another government source said. They added that the Trade and Economic Partnership Agreement (TEPA) between India and the EFTA countries — Iceland, Liechtenstein, Norway and Switzerland — would come into force on October 1. 'With the EU, we are fast-tracking the negotiations,' they explained. 'But a lot of work has progressed and it was decided that the FTA would be concluded by the end of December. It has made good progress and there are further meetings that are going to happen, at the negotiators' level, the Secretary level, and at the Ministerial level.' With Oman, the talks on a trade agreement have concluded and the deal will be signed 'very soon', when the dates are decided by both countries. Good progress with ASEAN countries The negotiating team representing the Association of Southeast Asian Nations (ASEAN) countries was in India between August 10-14 to review the Trade in Goods Agreement between the two. 'We are telling them that we need to increase trade between India and ASEAN,' the official said. 'Everybody is concerned about the uncertain global policy environment. They have realised that both ASEAN and India move forward and improve trade between the two blocks.' They added that India and the ASEAN countries were not only looking at tariff issues but also non-tariff issues, such as Sanitary and Phytosanitary (SPS) measures and Technical Barriers to Trade (TBT) and regulatory compliances. 'Since these are issues that require deep analysis, that analysis is going on,' the official said. 'This round has been quite fruitful. There is a lot of clarity on how we should move forward.'
Hindustan Times
10 minutes ago
- Hindustan Times
Russia bans Reporters Without Borders, puts press freedom group on ‘undesirable' list
Russia has put Reporters Without Borders (RSF) on its list of "undesirable" organisations, effectively banning the media watchdog from operating in the country, Moscow's justice ministry register showed Thursday. The Kremlin has escalated its decade-long clampdown on independent media after sending troops to Ukraine in 2022.(AP) Under a controversial law passed in 2015, but rarely used before its offensive on Ukraine, Russia can ban overseas organisations deemed a threat to national security. Being branded as "undesirable" criminalises the group and puts its staff at risk of prosecution. The Kremlin has escalated its decade-long clampdown on independent media after sending troops to Ukraine in 2022, imposing sweeping censorship laws that effectively ban criticism of the army. RSF, based in France, regularly denounces attacks on freedom of expression and helps persecuted journalists. Only last month, a Russian court jailed a journalist and former volunteer for the late opposition leader Alexey Navalny -- whose organisations have been declared "extremist" in Russia -- for 12 years. Reporters Without Borders described her imprisonment as a "symbol of the Kremlin's repression of independent voices" and called for her release, as for all journalists in Russian detention. The list of "undesirable" entities maintained by the justice ministry targets around 250 organisations now, including Amnesty International, Greenpeace, and Yale University. It also features groups controlled by people long reviled by Russian authorities, including Hungarian-born billionaire George Soros and Mikhail Khodorkovsky, a Russian tycoon who opposed President Vladimir Putin.
