Latest news with #CozyBear


Time of India
03-06-2025
'Midnight Blizzard', 'Cozy Bear' and more... How Microsoft, Google and other tech companies plan to untangle weird hacker nicknames
Microsoft, Google, CrowdStrike and Palo Alto Networks have announced that they will create a public glossary for state-sponsored hacking groups and cybercriminals. The goal is to reduce confusion caused by numerous unofficial nicknames for these entities. Microsoft and CrowdStrike expressed hopes of involving other industry partners and the US government in this effort to identify threat actors.

"We do believe this will accelerate our collective response and collective defense against these threat actors," stated Vasu Jakkal, corporate vice president at Microsoft Security.

Why it matters for US government and researchers

Cybersecurity companies have long assigned coded names to hacking groups because attributing digital attacks can be difficult. Researchers need a way to track their adversaries. These names vary from functional, like "APT1" (Mandiant) or "TA453" (Proofpoint), to more colorful aliases such as "Earth Lamia" (TrendMicro) or "Equation Group" (Kaspersky).

CrowdStrike's evocative names, like "Cozy Bear" for Russian hackers and "Kryptonite Panda" for Chinese groups, have been particularly popular, leading others to adopt similar styles. For example, Secureworks (now owned by Sophos) began using "Iron Twilight" for Russian hackers previously known as "TG-4127" in 2016. Microsoft also recently changed its naming convention from element-themed names like "Rubidium" to weather-themed ones such as "Lemon Sandstorm" or "Sangria Tempest."

"But the same actor that Microsoft refers to as Midnight Blizzard might be referred to as Cozy Bear, APT29, or UNC2452 by another vendor. Our mutual customers are always looking for clarity. Aligning the known commonalities among these actor names directly with peers helps to provide greater clarity and gives defenders a clearer path to action," Jakkal said.

However, the proliferation of these unique aliases has created overload. A 2016 U.S. government report on hacking attempts against the election caused confusion by using 48 different nicknames for various Russian hacking groups and malicious programs, including "Sofacy," "Pawn Storm," and "Tsar Team."

Michael Sikorski, CTO for Palo Alto's threat intelligence unit, called the initiative a "game-changer," noting, "Disparate naming conventions for the same threat actors create confusion at the exact moment defenders need clarity."

Adam Meyers, CrowdStrike's senior vice president of Counter Adversary Operations, highlighted an early success. He reported that the initiative already helped his analysts link a group Microsoft named "Salt Typhoon" with CrowdStrike's "Operator Panda."
Yahoo
02-05-2025
Azerbaijani lawmaker blames Russia for February cyberattack
Russia was behind the February cyberattack on Azerbaijani media, Ramid Namazov, head of the Azerbaijani parliament's commission on countering hybrid threats, said on May 2, the APA news agency reported.

According to Namazov, the investigation found that the cyberattack against Azerbaijan that took place on Feb. 20 was carried out by the infamous APT29 group, also known as Cozy Bear, widely believed to be linked to Russia's Foreign Intelligence Service.

"The activities of APT29, which is engaged in cyber espionage, are mainly directed against government agencies, foreign diplomatic missions, as well as political, defense, energy, media and other critical areas," the lawmaker said.

Namazov suggested that the attack was a retaliation for the closure of the Russian House in Baku in early February and the possible shutdown of the Azerbaijani branch of Sputnik radio. "It is because of these processes that this politically motivated incident of cyber interference took place," he added.

Azerbaijan, which has maintained historical ties with Russia, has seen relations with Moscow dwindle following the Dec. 25 crash of Flight J2-8243, which killed 38 people. Azerbaijani President Ilham Aliyev has accused Russia of causing the crash.

Russian hacker groups have engaged in various forms of cyber warfare throughout the full-scale war, including cyberattacks against Ukraine, hacks of civilian infrastructure in Europe, and interference in foreign elections.