'Forest Blizzard' vs 'Fancy Bear' - cyber companies hope to untangle weird hacker nicknames
Microsoft (MSFT.O), opens new tab and CrowdStrike (CRWD.O), opens new tab said they hoped to potentially bring other industry partners and the U.S. government into the effort to identify Who's Who in the murky world of digital espionage.
'We do believe this will accelerate our collective response and collective defense against these threat actors,' said Vasu Jakkal, corporate vice president, Microsoft Security.
How meaningful the effort ends up being remains to be seen.
Cybersecurity companies have long assigned coded names to hacking groups, as attributing hackers to a country or an organization can be difficult and researchers need a way to describe who they are up against.
Some names are dry and functional, like the 'APT1' hacking group exposed by cybersecurity firm Mandiant or the 'TA453' group tracked by Proofpoint. Others have more color and mystery, like the 'Earth Lamia' group tracked by TrendMicro or the 'Equation Group' uncovered by Kaspersky.
Crowdstrike's evocative nicknames - 'Cozy Bear' for a set of Russian hackers, or 'Kryptonite Panda' for a set of Chinese ones - have tended to be the most popular, and others have also adopted the same kind of offbeat monikers.
In 2016, for example, the company Secureworks - now owned by Sophos - began using the name "Iron Twilight" for the Russian hackers it previously tracked as "TG-4127." Microsoft itself recently revamped its nicknames, moving away from staid, element-themed ones like 'Rubidium' to weather-themed ones like 'Lemon Sandstorm' or 'Sangria Tempest.'
But the explosion of whimsical aliases has already led to overload. When the U.S. government issued a report about hacking attempts against the 2016 election, opens new tab, it sparked confusion by including 48 separate nicknames attributed to a grab bag of Russian hacking groups and malicious programs, including 'Sofacy,' 'Pawn Storm,' 'CHOPSTICK,' 'Tsar Team,' and 'OnionDuke.'
Michael Sikorski, the chief technology officer for Palo Alto's threat intelligence unit, said the initiative was a 'game-changer.'
'Disparate naming conventions for the same threat actors create confusion at the exact moment defenders need clarity,' he said.
Juan-Andres Guerrero-Saade, a top researcher at the cybersecurity firm SentinelOne, was skeptical of the effort, saying the cold reality of the cybersecurity industry was that companies hoarded information.
Unless that changed, he said, "this is branding-marketing-fairy dust sprinkled on top of business realities."
But CrowdStrike Senior Vice President of counter adversary operations, Adam Meyers, said the move had already delivered a win by helping his analysts connect a group Microsoft called 'Salt Typhoon' with one CrowdStrike dubbed 'Operator Panda.'
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
The Independent
6 minutes ago
- The Independent
Air Canada could shut down completely unless the airline and its flight attendants reach a deal
A complete shutdown of Air Canada is looming if the union representing the flight attendants of the country's dominant air carrier and the airline fail to reach an agreement by early Saturday. More than 10,000 flight attendants are poised to walk off the job around 1 a.m. EST on Saturday, followed by a company-imposed lockout. It threatens to impact about 130,000 travelers a day. The Canadian carrier said it expects to call off 500 flights by the end of Friday ahead of the deadline. It already started canceling flights on Thursday in expectation of the massive work stoppage that could impact hundreds of thousands of travelers. A full grounding could affect some 25,000 Canadians a day abroad who may become stranded. "We strongly urge the parties to work with federal mediators and get a deal done. Time is precious and Canadians are counting on you," Federal Jobs Minister Patty Hajdu said in a statement Friday. By midday Friday, Air Canada had called off 87 domestic flights and 176 international flights that were scheduled to depart on Friday and Saturday, according to aviation analytics firm Cirium. On Thursday, when the airline said it was beginning it's 'phased wind down' of most operations, 18 domestic flights and four international flights were canceled. Canadian Union of Public Employees, or CUPE, which represents the flight attendants, refused to voluntarily submit to arbitration. 'The appropriate course of action is for Air Canada to return to the table and resume good faith bargaining,' it said in a statement. The union, which represents about 10,000 Air Canada flight attendants, and the airline say disagreements over key issues, including pay raises, have brought contract talks to a standstill. How long the planes will be grounded remains to be seen. Air Canada Chief Operating Officer Mark Nasr said the decision to lock out the union members even if it meant halting flights would help facilitate an orderly restart, 'which under the best circumstances will take a full week to complete.' Air Canada and CUPE have been in contract talks for about eight months, but they have yet to reach a tentative deal. The union put it to a vote at the end of July and 99.7% approved a strike. On Wednesday, it gave Air Canada a 72-hour strike notice. The airline responded with a so-called lockout notice, saying it would prevent the flight attendants from working on Saturday. The union said it rejected a proposal from the airline to enter a binding arbitration process that would have prevented flight attendants from walking off the job, saying it prefers to negotiate a deal that its members can then vote on.
Daily Mail
6 minutes ago
- Daily Mail
Tarek El Moussa gets battery charge from Las Vegas scuffle dismissed - after fulfilling certain conditions
Tarek El Moussa is no longer in legal jeopardy after he was charged with misdemeanor battery following a Las Vegas scuffle - his case has now been dismissed. According to court records obtained by the Daily Mail, El Moussa, 43, was facing a misdemeanor battery charge over the incident, but he was able to participate in the court's Pre-Prosecution Diversion Program where he was ordered to complete 'impulse control counseling' and to 'stay out of trouble.' El Moussa was able to show proof that he completed the diversion program requirements, and a judge dismissed his case on Aug. 5. has reached out to a representative for El Moussa for comment but did not immediately hear back. The altercation occurred in June at The Palazzo at the Venetian hotel between Tarek and another male, whose identity has yet to be revealed, as confirmed by a spokesperson for the Las Vegas Metropolitan Police Department. Witnesses claimed that Tarek drove his knee into the man's head, knocking him out. Tarek El Moussa is no longer in legal jeopardy following his Las Vegas scuffle - his case has now been dismissed; pictured January 2025 A source told at the time that Tarek was defending his elderly father when the squabble occurred. The HGTV personality was cited for battery for the incident but was not arrested over it. Tarek's wife, Selling Sunset star Heather Rae El Moussa, was present at the time, but had no involvement in the physical violence. TMZ obtained a Las Vegas Metropolitan PD report that alleged the violent bust-up was captured on casino surveillance video. According to the report, the fight kicked off after Tarek's alleged victim allegedly bumped into the HGTV star's father's chair at a roulette table inside The Palazzo. The bump-in reportedly upset Tarek's father, who allegedly turned around in his seat to face the man. After Tarek's father turned his back, the man allegedly tapped him on the right shoulder and said something to him that reportedly caused Tarek, who was seated near his father, to get involved. Tarek allegedly got up from his seat and 'charged at the man, pushing him back before the two got into a 'fighting stance.'' As per the police report, Tarek's adversary allegedly went for the star's legs in an attempt to take him down. But Tarek allegedly proceeded to knee the man to the floor. The police then claimed that Tarek 'mounted the man's back and pummeled him with three blows to the head.' A source told at the time that Tarek was defending his elderly father when the squabble occurred (Las Vegas sign pictured April 2017) After the 'three blows to the head,' Tarek allegedly 'got up and walked away.' The incident was called in as an 'assault/battery' and the alleged victim told police that he wanted to press charges. The report claimed that the man suffered several injuries as a result of the casino altercation, including 'purple and red bruises under the right eye and a cut on the bridge of his nose.' The police said that the alleged victim's account of the fight with Tarek differed slightly from what they had viewed on the hotel's surveillance footage. According to cops, the man claimed he was 'aggressively approached' by Tarek at the roulette table before allegedly being 'assaulted' by him. The man insisted he was trying to defend himself. Tarek was also interviewed by police. He insisted that he only confronted the man to 'protect his Dad due to him having back problem.' However, Tarek stopped speaking with cops after his Miranda rights were read, according to TMZ. In a statement to the outlet at the time, Tarek's attorneys David Chesnoff and Richard Schonfeld said: 'Tarek intends to contest these allegations in a court of law where he will assert his right to self-defense and the defense of his elderly and infirmed father.'
The Independent
6 minutes ago
- The Independent
The US plans to build a $750M fly factory in Texas to stop a flesh-eating cattle parasite
The U.S. plans to build a $750 million factory in southern Texas to breed billions of sterile flies, ramping up its efforts to keep flesh-eating maggots in Mexico from crossing the border and damaging the American cattle industry. Secretary Brooke Rollins announced Friday that the U.S. Department of Agriculture hopes to be producing and releasing sterile male New World screwworm flies into the wild within a year from the new factory on Moore Air Base outside Edinburg, Texas, about 20 miles (32 kilometers) from the border. She also said the USDA plans to deploy $100 million in technology, such as fly traps and lures, and step up border patrols by 'tick riders' mounted on horseback and train dogs to sniff out the parasite. In addition, Rollins said the U.S. border will remain closed to cattle, horse and bison imports from Mexico until the U.S. sees that the pest is being pushed back south toward Panama, where the fly had been contained through late last year through the breeding of sterile flies there. The U.S. has closed its border to those imports three times in the past eight months, the last in July, following a report of an infestation about 370 miles (595 kilometers) from the Texas border. American officials worry that if the fly reaches Texas, its flesh-eating maggots could cause billions of dollars in economic losses and cause already record retail beef prices to rise even more, fueling greater inflation. The parasite also can infest wildlife, household pets and, occasionally, humans. 'Farm security is national security,' Rollins said during a news conference at the Texas State Capitol in Austin with Texas Gov. Greg Abbott. 'All Americans should be concerned. But it's certainly Texas and our border and livestock producing states that are on the front lines of this every day.' The pest was a problem for the American cattle industry for decades until the U.S. largely eradicated it in the 1970s by breeding and releasing sterile male flies to breed with wild females. It shut down fly factories on U.S. soil afterward. The Mexican cattle industry has been hit hard by infestations and the U.S. closing its border to imports. Mexico's Agriculture ministry said in a statement Friday that Mexico Agriculture and Rural Development Secretary Julio Berdegué Sacristán and Rollins signed a screwworm control action plan. It includes monitoring with fly-attracting traps and establishing that livestock can only be moved within Mexico through government-certified corrals, the statement said. And on the X social media platform, Berdegué said, 'We will continue with conversations that lead to actions that will permit the reopening of livestock exports." The new fly-breeding factory in Texas would be the first on U.S. soil in decades and represents a ramping up of the USDA's spending on breeding and releasing sterile New World screwworm flies. The sterile males are released in large enough numbers that wild females can't help but mate with them, producing sterile eggs that don't hatch. Eventually, the wild fly population shrinks away because females mate only once in their weekslong lives. In June, Rollins announced a plan to convert an existing factory for breeding fruit flies into one for breeding sterile New World Screwworm flies, as well as a plan to build a site, also on the air base near Edinburg, for gathering flies imported from Panama and releasing them from small aircraft. Those projects are expected to cost a total of $29.5 million. The Panama fly factory can breed up to 117 million flies a week, and the new Mexican fly factory is expected to produce up to 100 million more a week. Rollins said the new Texas factory would produce up to 300 million a week. She said President Donald Trump's administration wants to end the U.S. reliance on fly breeding in Mexico and Panama. 'It's a tactical move that ensures we are prepared and not just reactive, which is today what we have really been working through,' Rollins said. ___
