'Forest Blizzard' vs 'Fancy Bear' - cyber companies hope to untangle weird hacker nicknames
WASHINGTON, June 2 (Reuters) - Microsoft, CrowdStrike, Palo Alto (PANW.O), opens new tab and Alphabet's (GOOGL.O), opens new tab Google on Monday said they would create a public glossary of state-sponsored hacking groups and cybercriminals, in a bid to ease confusion over the menagerie of unofficial nicknames for them.
Microsoft (MSFT.O), opens new tab and CrowdStrike (CRWD.O), opens new tab said they hoped to potentially bring other industry partners and the U.S. government into the effort to identify Who's Who in the murky world of digital espionage.
'We do believe this will accelerate our collective response and collective defense against these threat actors,' said Vasu Jakkal, corporate vice president, Microsoft Security.
How meaningful the effort ends up being remains to be seen.
Cybersecurity companies have long assigned coded names to hacking groups, as attributing hackers to a country or an organization can be difficult and researchers need a way to describe who they are up against.
Some names are dry and functional, like the 'APT1' hacking group exposed by cybersecurity firm Mandiant or the 'TA453' group tracked by Proofpoint. Others have more color and mystery, like the 'Earth Lamia' group tracked by TrendMicro or the 'Equation Group' uncovered by Kaspersky.
Crowdstrike's evocative nicknames - 'Cozy Bear' for a set of Russian hackers, or 'Kryptonite Panda' for a set of Chinese ones - have tended to be the most popular, and others have also adopted the same kind of offbeat monikers.
In 2016, for example, the company Secureworks - now owned by Sophos - began using the name "Iron Twilight" for the Russian hackers it previously tracked as "TG-4127." Microsoft itself recently revamped its nicknames, moving away from staid, element-themed ones like 'Rubidium' to weather-themed ones like 'Lemon Sandstorm' or 'Sangria Tempest.'
But the explosion of whimsical aliases has already led to overload. When the U.S. government issued a report about hacking attempts against the 2016 election, opens new tab, it sparked confusion by including 48 separate nicknames attributed to a grab bag of Russian hacking groups and malicious programs, including 'Sofacy,' 'Pawn Storm,' 'CHOPSTICK,' 'Tsar Team,' and 'OnionDuke.'
Michael Sikorski, the chief technology officer for Palo Alto's threat intelligence unit, said the initiative was a 'game-changer.'
'Disparate naming conventions for the same threat actors create confusion at the exact moment defenders need clarity,' he said.
Juan-Andres Guerrero-Saade, a top researcher at the cybersecurity firm SentinelOne, was skeptical of the effort, saying the cold reality of the cybersecurity industry was that companies hoarded information.
Unless that changed, he said, "this is branding-marketing-fairy dust sprinkled on top of business realities."
But CrowdStrike Senior Vice President of counter adversary operations, Adam Meyers, said the move had already delivered a win by helping his analysts connect a group Microsoft called 'Salt Typhoon' with one CrowdStrike dubbed 'Operator Panda.'
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Reuters
14 minutes ago
- Reuters
Sean 'Diddy' Combs dangled Cassie's friend off balcony, jury hears
NEW YORK, June 4 (Reuters) - Hip-hop mogul Sean "Diddy" Combs dangled a friend of his former girlfriend Casandra Ventura off the balcony of a high-rise apartment in September 2016, the friend testified on Wednesday at Combs' sex trafficking trial. "I was held over a 17-story balcony," Bryana Bongolan, Ventura's friend, told jurors in Manhattan federal court. Bongolan, 33, said Combs later threw her onto the balcony furniture. She said she suffered bruises as a result of the incident and had night terrors and paranoia. The judge called a lunch break in the trial before prosecutors could ask Bongolan for additional details about the incident. Her testimony was expected to resume shortly after 1 p.m. EDT (1700 GMT). Combs, 55, has pleaded not guilty to five counts including racketeering conspiracy and sex trafficking. Federal prosecutors in Manhattan say Combs over two decades coerced women, including Ventura, to take part in drug-fueled sexual performances with male sex workers known as "Freak Offs." The trial is in its fourth week. Ventura, a rhythm and blues singer known as Cassie, told jurors last month she took part in Combs' Freak Offs for about a decade, at first to please him and later because he blackmailed her with videos of the encounters. She said Combs frequently beat her. Prosecutors with the Manhattan U.S. attorney's office say Combs and his associates used force and the threat of force to coerce women to take part in the Freak Offs and to make sure witnesses to his abuse remained quiet. Combs' lawyers have acknowledged he was at times abusive in domestic relationships, but argue that women who took part in Freak Offs did so consensually. Combs could face life in prison if convicted on all counts. Prosecutors have said they may finish presenting their case next week, allowing the defense to put on its case.
Reuters
14 minutes ago
- Reuters
With LIV task at hand, Joaquin Niemann looks ahead to U.S. Open
June 4 - Joaquin Niemann is riding a high entering the LIV Golf Virginia event this weekend. He's won five times in the past 20 LIV events. He's the league's season points leader. But he's reached the point of the season where he's juggling some golf balls. He's got the Virginia event beginning Friday and also is preparing for the season's next major, the U.S. Open, June 12-15 at the daunting Oakmont Country Club in Pennsylvania. The chance to win his first major is on his mind. His success -- multiple LIV wins and two PGA Tour titles -- hasn't translated into success in the majors. His best finish at a major came last month at the PGA Championship at the Quail Hollow Club in Charlotte, where he tied for eighth. He earned an exemption into the U.S. Open. "Yeah, obviously we're a week away from that. Yeah, I had a good finish at PGA," the 26-year-old Chilean said Wednesday. "I didn't feel like I played my best game. I felt like there was a lot more at the time to play better. I knew I could have a way better result. But I think we can take the positives and go step by step. It's my first top 10 in a major, so that's a positive." At the Masters Tournament in April, he finished T29. He knows his first time playing Oakmont will be difficult. "I can't really tell you how I'm feeling, how I'm going to be feeling that week," he said. "I know it's going to be a really tough week. I know U.S. Opens are always prepping the course as hard as they can. They want us to win with over par, which talks about how hard they're going to set it up. I know it's going to be long rough. You've got to hit it long, straight. "It's going to be hard. I know it's going to be a good challenge. Looking forward for that, I guess." Niemann only has to look at the other players at the LIV Golf event at the Robert Trent Jones Golf Club in Gainesville, Va., for inspiration. He's surrounded by majors winners. Several of LIV's most prominent players will be in the field with him at Oakmont, outside of Pittsburgh. Bryson DeChambeau, Brooks Koepka, Dustin Johnson and Spaniard Jon Rahm are invited as U.S. Open winners from the past 10 years; DeChambeau is the defending champion. Englishman Richard Bland was invited after winning the 2024 U.S. Senior Open. A pair of other recent major winners -- Phil Mickelson (2021 PGA Championship) and Cameron Smith (2022 Open Championship) -- are exempt as well. LIV player Carlos Ortiz of Mexico made it through a U.S. Open final qualifier last month in Dallas, where Spain's Sergio Garcia fell one stroke shy of a playoff. On Monday, seven LIV players -- most notably two-time Masters winner Bubba Watson -- opted to withdraw from a U.S. Open final qualifying site in Rockville, Md. The U.S. Open is where Niemann can apply what he's learned from his LIV rivals. "I know that I don't have any majors yet. I know if I have one, I know I'm going to have another one and then another one, and that's the way it works," he said. "But yeah, for me, having somebody like Phil or Bryson or Brooks, DJ or Sergio, all these guys, they already won. They've already been in that situation. "Just competing against them, it just makes me in a way feel that I'm -- I know 100 percent in myself that I can do it, that I can accomplish that. I feel like there's probably some information that I can learn here and there from them. So whenever I have a chance, I try to learn." He still has the immediate task at hand this weekend in Virginia. And Niemann said he knows the push his LIV league mates will pose for him the rest of the season. He's already lived it. Rahm edged him out of the individual title on the final weekend of the 2024 season. "It's kind of similar from last year. I was in a similar situation, leading the points," he said. "I know I have a challenge in front of me. I know there's really good players behind me trying to chase me. You've got Bryson, you've got Jon, Sergio. Last year I had a good fight with Jon the last half of the season, and now Bryson is underway playing great golf, as well. "I take it as a great challenge. I know I got to play great and amazing golf to have a chance to win the league, which is the goal. It feels good to be here right now. The way I've been playing, winning three times this year is pretty cool, too, so hopefully I can keep that percentage going the way it is." --Field Level Media
Reuters
23 minutes ago
- Reuters
Phil Mickelson: LIV 'well on our way' to having world's best golfers
June 4 - Phil Mickelson has been vocal with his praise of LIV Golf since joining the upstart circuit in 2022, celebrating its direction and what he views as forward thinking. On Wednesday, Mickelson applauded the addition of promising young stars as LIV Golf begins to bolster its case for having the world's best golfers. "I think that we're well on our way and not that far away from making that happen, and you're seeing it with these good young players that are coming out," the six-time major champion said. "If you look at the good young players from different parts of the world, not necessarily the United States, you've got Jose Ballester (Spain) and Luis Masaveu (Spain) and Tom McKibbin (Northern Ireland) and these young guys from other parts of the world are really interested in wanting to come to LIV and they get what it's about. "I think over time that's just going to continue to grow just like it has exponentially in the last three years, and I think we're not that far away from having it be what we all want it to be, which is all the best players in the world playing against each other." Ballester, the U.S. Amateur champion, signed a multi-year contract with LIV Golf on Wednesday. Known as "Josele," Ballester will make his professional debut this week at the Virginia event and be part of the Fireballs team captained by fellow Spaniard Sergio Garcia. Ballester, 21, will join Abraham Ancer, David Puig and Garcia on Fireballs. Masaveu, 22, will remain in the Fireballs lineup this week for the team while Puig deals with a back injury. McKibbin, 22, signed with LIV in January and joined Jon Rahm, Tyrrell Hatton and Caleb Surratt as part of the Legion XIII team. --Field Level Media
