'Forest Blizzard' vs 'Fancy Bear' - cyber companies hope to untangle weird hacker nicknames
CrowdStrike logo is seen in this illustration taken July 29, 2024. REUTERS/Dado Ruvic/Illustration/File Photo
WASHINGTON (Reuters) -Microsoft, CrowdStrike, Palo Alto and Alphabet's Google on Monday said they would create a public glossary of state-sponsored hacking groups and cybercriminals, in a bid to ease confusion over the menagerie of unofficial nicknames for them.
Microsoft and CrowdStrike said they hoped to potentially bring other industry partners and the U.S. government into the effort to identify Who's Who in the murky world of digital espionage.
'We do believe this will accelerate our collective response and collective defense against these threat actors,' said Vasu Jakkal, corporate vice president, Microsoft Security.
How meaningful the effort ends up being remains to be seen.
Cybersecurity companies have long assigned coded names to hacking groups, as attributing hackers to a country or an organization can be difficult and researchers need a way to describe who they are up against.
Some names are dry and functional, like the 'APT1' hacking group exposed by cybersecurity firm Mandiant or the 'TA453' group tracked by Proofpoint. Others have more color and mystery, like the 'Earth Lamia' group tracked by TrendMicro or the 'Equation Group' uncovered by Kaspersky.
Crowdstrike's evocative nicknames - 'Cozy Bear' for a set of Russian hackers, or 'Kryptonite Panda' for a set of Chinese ones - have tended to be the most popular, and others have also adopted the same kind of offbeat monikers.
In 2016, for example, the company Secureworks - now owned by Sophos - began using the name "Iron Twilight" for the Russian hackers it previously tracked as "TG-4127." Microsoft itself recently revamped its nicknames, moving away from staid, element-themed ones like 'Rubidium' to weather-themed ones like 'Lemon Sandstorm' or 'Sangria Tempest.'
But the explosion of whimsical aliases has already led to overload. When the U.S. government issued a report about hacking attempts against the 2016 election, it sparked confusion by including 48 separate nicknames attributed to a grab bag of Russian hacking groups and malicious programs, including 'Sofacy,' 'Pawn Storm,' 'CHOPSTICK,' 'Tsar Team,' and 'OnionDuke.'
Michael Sikorski, the chief technology officer for Palo Alto's threat intelligence unit, said the initiative was a 'game-changer.'
'Disparate naming conventions for the same threat actors create confusion at the exact moment defenders need clarity,' he said.
Juan-Andres Guerrero-Saade, a top researcher at the cybersecurity firm SentinelOne, was skeptical of the effort, saying the cold reality of the cybersecurity industry was that companies hoarded information.
Unless that changed, he said, "this is branding-marketing-fairy dust sprinkled on top of business realities."
But CrowdStrikeSenior Vice President of counter adversary operations, Adam Meyers, said the move had already delivered a win by helping his analysts connect a group Microsoft called 'Salt Typhoon' with one CrowdStrike dubbed 'Operator Panda.'
(Reporting by Raphael Satter, editing by Chris Sanders and Deepa Babington)
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
The Star
an hour ago
- The Star
Putin openly questions peace talks after blaming Ukraine for deadly bridge attack in Russia
Russian President Vladimir Putin chairs a meeting with members of the government via video link at the Novo-Ogaryovo state residence outside Moscow, Russia June 4, 2025. Sputnik/Gavriil Grigorov/Pool via REUTERS MOSCOW (Reuters) -Russian President Vladimir Putin on Wednesday openly questioned the point of peace talks with Ukraine after accusing Kyiv's senior leadership of ordering deadly terrorist attacks on bridges in Russia that killed seven and injured 115 more. Russian investigators said that Ukraine blew up a highway bridge over a railway on Saturday just as a passenger train with 388 people on board was underneath it. The attacks came ahead of peace talks in Turkey on Monday. Putin said the attacks on the bridge in Bryansk and another one in Kursk had been directed clearly against the civilian population and that the attacks were evidence that the Kyiv government "was degenerating into a terrorist organisation, and its sponsors are becoming accomplices of terrorists." "The current Kyiv regime does not need peace at all," Putin said at a televised meeting with senior officials. "What is there to talk about? How can we negotiate with those who rely on terror?" Putin suggested that any ceasefire would simply be used to pump Ukraine full of Western weapons. Ukraine has not commented on the bridge blasts. (Reporting by Vladimir Soldatkin and Dmitry Antonov; Editing by Guy Faulconbridge)
The Star
an hour ago
- The Star
Russia urges US and UK to restrain Ukraine after attacks on bombers
FILE PHOTO: Russia's Deputy Foreign Minister Sergei Ryabkov attends the BRICS Meeting of Ministers of Foreign Affairs in Rio de Janeiro, Brazil, April 28, 2025. Mauro Pimentel/Pool via REUTERS/File Photo MOSCOW (Reuters) -Moscow said on Wednesday that military options were "on the table" for its response to Ukrainian attacks deep inside Russia and accused the West of being involved in them. Russia also urged the United States and Britain to restrain Kyiv after the attacks, which Ukrainian officials have lauded as showing Kyiv can still fight back after more than three years of war. British and U.S. officials have said they had no prior knowledge of Ukraine's attacks on Russian nuclear-capable long-range bombers at military bases over the weekend. Ukraine also tried to blow up a rail and road link with Crimea on Tuesday, and Russia says Kyiv blew up a highway bridge over a passenger train late on Saturday. U.S. President Donald Trump's Ukraine envoy said the risk of escalation from the war "going way up" after the attacks on the nuclear-capable bombers. A week earlier, Trump rebuked Russian President Vladimir Putin over a fierce aerial attack on Ukraine. "We urge London and Washington to react in such a way as to stop further escalation," Russian Deputy Foreign Minister Sergei Ryabkov, who oversees relations with the U.S. and arms control, was quoted as saying by Interfax news agency. "All options are on the table," Ryabkov said, when asked what Russia's response to Ukraine's attacks would be. "This is a question for our military." Russia and the U.S. together hold about 88% of all nuclear weapons. Asked whether Russia thought the West was involved in the recent attacks, Foreign Ministry spokeswoman Maria Zakharova said the West supplied weapons, gave target coordinates, refused to condemn such attacks and actively incited them. "These are several areas that prove the fact of the involvement, both direct and indirect, and the guilt of the West for the terrorist attacks that are taking place against civilians and civilian infrastructure facilities by the Kyiv regime," Zakharova said. Kyiv has not commented on the bridge attacks. Each side has accused the other of carrying out acts of terrorism during the conflict and each blames the other for a lack of progress at peace talks. Trump was not informed in advance of Ukraine's drone attacks on Russia, White House spokeswoman Karoline Leavitt said on Tuesday. A British government official said the government was not informed ahead of time. (Reporting by Dmitry Antonov; Writing by Gleb Stolyarov; Editing by Guy Faulconbridge and Timothy Heritage)
The Sun
2 hours ago
- The Sun
Moscow security chief discusses Ukraine with N.Korea's Kim Jong Un
MOSCOW: Russia's security chief Sergei Shoigu discussed the Ukraine conflict with North Korea's Kim Jong Un on a visit to Pyongyang on Wednesday, Moscow's embassy in the reclusive state said. North Korea has become one of Russia's main allies during Moscow's more than three-year-long Ukraine offensive, sending thousands of troops to help the Kremlin oust Ukrainian forces from its Kursk border region. Pyongyang is also largely believed to be arming Russia. 'Sergei Shoigu was received by the Chairman of State Affairs of the DPRK, Kim Jong Un,' the embassy said, adding that they 'exchanged views on the situation around the Ukrainian crisis and the Korean peninsula'. It said talks took place 'in an atmosphere of friendly mutual understanding'. Shoigu also met with North Korean military official Pak Jong-chon, the embassy said. Russia's TASS news agency said earlier that Shoigu had arrived on the orders of Russian President Vladimir Putin. Wednesday's visit is Shoigu's second to Pyongyang in less than three months. Pyongyang has defended its military cooperation with Russia, saying on Monday that ties were aimed at 'ensuring peace and stability' in Europe and Asia. Around 600 North Korean soldiers have been killed and thousands more wounded fighting for Russia, according to South Korean lawmaker Lee Seong-kweun, citing the country's intelligence service. Russia and North Korea signed a sweeping military deal last year, including a mutual defence clause, during a rare visit by Putin to the nuclear-armed North. Shoigu hailed the deal as 'fully meeting the interests of both countries' during a visit in March.
