'Forest Blizzard' vs 'Fancy Bear' - cyber companies hope to untangle weird hacker nicknames

The Star, 02-06-2025
CrowdStrike logo is seen in this illustration taken July 29, 2024. REUTERS/Dado Ruvic/Illustration/File Photo
WASHINGTON (Reuters) - Microsoft, CrowdStrike, Palo Alto and Alphabet's Google on Monday said they would create a public glossary of state-sponsored hacking groups and cybercriminals, in a bid to ease confusion over the menagerie of unofficial nicknames for them.
Microsoft and CrowdStrike said they hoped to potentially bring other industry partners and the U.S. government into the effort to identify Who's Who in the murky world of digital espionage.
'We do believe this will accelerate our collective response and collective defense against these threat actors,' said Vasu Jakkal, corporate vice president, Microsoft Security.
How meaningful the effort ends up being remains to be seen.
Cybersecurity companies have long assigned coded names to hacking groups, as attributing hackers to a country or an organization can be difficult and researchers need a way to describe who they are up against.
Some names are dry and functional, like the 'APT1' hacking group exposed by cybersecurity firm Mandiant or the 'TA453' group tracked by Proofpoint. Others have more color and mystery, like the 'Earth Lamia' group tracked by Trend Micro or the 'Equation Group' uncovered by Kaspersky.
CrowdStrike's evocative nicknames - 'Cozy Bear' for a set of Russian hackers, or 'Kryptonite Panda' for a set of Chinese ones - have tended to be the most popular, and others have also adopted the same kind of offbeat monikers.
In 2016, for example, the company Secureworks - now owned by Sophos - began using the name "Iron Twilight" for the Russian hackers it previously tracked as "TG-4127." Microsoft itself recently revamped its nicknames, moving away from staid, element-themed ones like 'Rubidium' to weather-themed ones like 'Lemon Sandstorm' or 'Sangria Tempest.'
But the explosion of whimsical aliases has already led to overload. When the U.S. government issued a report about hacking attempts against the 2016 election, it sparked confusion by including 48 separate nicknames attributed to a grab bag of Russian hacking groups and malicious programs, including 'Sofacy,' 'Pawn Storm,' 'CHOPSTICK,' 'Tsar Team,' and 'OnionDuke.'
Michael Sikorski, the chief technology officer for Palo Alto's threat intelligence unit, said the initiative was a 'game-changer.'
'Disparate naming conventions for the same threat actors create confusion at the exact moment defenders need clarity,' he said.
Juan-Andres Guerrero-Saade, a top researcher at the cybersecurity firm SentinelOne, was skeptical of the effort, saying the cold reality of the cybersecurity industry was that companies hoarded information.
Unless that changed, he said, "this is branding-marketing-fairy dust sprinkled on top of business realities."
But CrowdStrike Senior Vice President of counter adversary operations, Adam Meyers, said the move had already delivered a win by helping his analysts connect a group Microsoft called 'Salt Typhoon' with one CrowdStrike dubbed 'Operator Panda.'
(Reporting by Raphael Satter, editing by Chris Sanders and Deepa Babington)