Latest news with #VasuJakkal
Time of India
6 hours ago
- Politics
- Time of India
'Midnight Blizzard', 'Cozy Bear' and more ...How Microsoft, Google and other tech companies plans to untangle weird hacker nicknames
Microsoft, Google, CrowdStrike and Palo Alto Networks have announced that they will create a public glossary for state-sponsored hacking groups and cybercriminals. The goal is to reduce confusion caused by numerous unofficial nicknames for these entities. Microsoft and CrowdStrike expressed hopes of involving other industry partners and the US government in this effort to identify threat actors. "We do believe this will accelerate our collective response and collective defense against these threat actors," stated Vasu Jakkal, corporate vice president at Microsoft Security. Why it matters for US government and researchers Cybersecurity companies have long assigned coded names to hacking groups because attributing digital attacks can be difficult. Researchers need a way to track their adversaries. These names vary from functional, like "APT1" (Mandiant) or "TA453" (Proofpoint), to more colorful aliases such as "Earth Lamia" (TrendMicro) or "Equation Group" (Kaspersky). CrowdStrike's evocative names, like " Cozy Bear " for Russian hackers and "Kryptonite Panda" for Chinese groups, have been particularly popular, leading others to adopt similar styles. For example, Secureworks (now owned by Sophos) began using "Iron Twilight" for Russian hackers previously known as "TG-4127" in 2016. Microsoft also recently changed its naming convention from element-themed names like "Rubidium" to weather-themed ones such as "Lemon Sandstorm" or "Sangria Tempest." "But the same actor that Microsoft refers to as Midnight Blizzard might be referred to as Cozy Bear, APT29, or UNC2452 by another vendor. Our mutual customers are always looking for clarity. Aligning the known commonalities among these actor names directly with peers helps to provide greater clarity and gives defenders a clearer path to action," Jakkal said. However, the proliferation of these unique aliases has created overload. A 2016 U.S. government report on hacking attempts against the election caused confusion by using 48 different nicknames for various Russian hacking groups and malicious programs, including "Sofacy," "Pawn Storm," and "Tsar Team." Michael Sikorski, CTO for Palo Alto's threat intelligence unit, called the initiative a "game-changer," noting, "Disparate naming conventions for the same threat actors create confusion at the exact moment defenders need clarity." Adam Meyers, CrowdStrike's senior vice president of Counter Adversary Operations, highlighted an early success. He reported that the initiative already helped his analysts link a group Microsoft named "Salt Typhoon" with CrowdStrike's "Operator Panda." 5 biggest AI announcements at Microsoft Build 2025
Time of India
16 hours ago
- Time of India
'Forest Blizzard' vs 'Fancy Bear': Microsoft, Google, Crowdstrike hope to untangle weird hacker nicknames
Microsoft, CrowdStrike, Palo Alto and Alphabet's Google on Monday said they would create a public glossary of state-sponsored hacking groups and cybercriminals, in a bid to ease confusion over the menagerie of unofficial nicknames for them. Microsoft and CrowdStrike said they hoped to potentially bring other industry partners and the U.S. government into the effort to identify Who's Who in the murky world of digital espionage. "We do believe this will accelerate our collective response and collective defense against these threat actors," said Vasu Jakkal, corporate vice president, Microsoft Security. How meaningful the effort ends up being remains to be seen. by Taboola by Taboola Sponsored Links Sponsored Links Promoted Links Promoted Links You May Like One of the Most Successful Investors of All Time, Warren Buffett, Recommends: 5 Books for Turning... Blinkist: Warren Buffett's Reading List Click Here Undo Cybersecurity companies have long assigned coded names to hacking groups, as attributing hackers to a country or an organization can be difficult and researchers need a way to describe who they are up against. Some names are dry and functional, like the "APT1" hacking group exposed by cybersecurity firm Mandiant or the "TA453" group tracked by Proofpoint. Others have more color and mystery, like the "Earth Lamia" group tracked by TrendMicro or the "Equation Group" uncovered by Kaspersky. Live Events CrowdStrike's evocative nicknames - "Cozy Bear" for a set of Russian hackers, or "Kryptonite Panda" for a set of Chinese ones - have tended to be the most popular, and others have also adopted the same kind of offbeat monikers. Discover the stories of your interest Blockchain 5 Stories Cyber-safety 7 Stories Fintech 9 Stories E-comm 9 Stories ML 8 Stories Edtech 6 Stories In 2016, for example, the company Secureworks - now owned by Sophos - began using the name "Iron Twilight" for the Russian hackers it previously tracked as "TG-4127." Microsoft itself recently revamped its nicknames, moving away from staid, element-themed ones like "Rubidium" to weather-themed ones like "Lemon Sandstorm" or "Sangria Tempest." But the explosion of whimsical aliases has already led to overload. When the U.S. government issued a report about hacking attempts against the 2016 election, it sparked confusion by including 48 separate nicknames attributed to a grab bag of Russian hacking groups and malicious programs, including "Sofacy," "Pawn Storm," "CHOPSTICK," "Tsar Team," and "OnionDuke." Michael Sikorski, the chief technology officer for Palo Alto's threat intelligence unit, said the initiative was a "game-changer." "Disparate naming conventions for the same threat actors create confusion at the exact moment defenders need clarity," he said. Juan Andres Guerrero-Saade, Executive Director for Intelligence and Security Research at cybersecurity firm SentinelOne, was skeptical of the effort, saying the cold reality of the cybersecurity industry was that companies hoarded information. Unless that changed, he said, "this is branding-marketing-fairy dust sprinkled on top of business realities."
Yahoo
a day ago
- Business
- Yahoo
Microsoft, CrowdStrike, other cyber firms collaborate on threat actor taxonomy
This story was originally published on Cybersecurity Dive. To receive daily news and insights, subscribe to our free daily Cybersecurity Dive newsletter. Microsoft and CrowdStrike will lead a cooperative effort to map out the overlapping web of hacker groups that their researchers have disclosed and named, the companies said on Monday. Palo Alto Networks and Google and its Mandiant unit have also agreed to join the collaborative effort on streamlining threat group taxonomy. For years, the companies' different naming conventions for various criminal and state-linked threat groups have created unnecessary confusion and delays in the sharing of threat intelligence. Microsoft and CrowdStrike released an initial version of their threat actor matrix on Monday, listing the groups they track and each one's corresponding aliases from other researchers. Palo Alto Networks and Google and its Mandiant unit are joining the collaborative effort on streamlining threat group taxonomy. Vasu Jakkal, corporate vice president of Microsoft Security, said that even delays of a few seconds can make a difference in whether an attack is thwarted or successful. 'One major cause of delayed response is understanding threat actor attribution, which is often slowed by inaccurate or incomplete data as well as inconsistencies in naming across platforms,' Jakkal said in a blog post. Microsoft and CrowdStrike have collaborated on more than 80 adversaries so far, according to Adam Meyers, senior vice president for counter adversary operations at CrowdStrike. "Aligning on naming conventions isn't just a nice-to-have but a game-changer for defenders trying to act fast,' Michael Sikorski, CTO and head of threat intelligence at Palo Alto Networks' Unit 42, told Cybersecurity Dive. 'A shared baseline for threat actor names means faster attribution, improved cyberattack response, and fewer blind spots.' Microsoft, for example, tracks the criminal threat group known widely as Scattered Spider as Octo Tempest, while Palo Alto Networks tracks it as Muddled Libra. Microsoft and CrowdStrike are also working on a plan to create a small, focused group of contributors who will help define a process of updating and maintaining attribution mappings, Meyers said in a blog post. Meyers said there will be no change in how the companies name and identify threat actors, as each company will retain its own methods, telemetry and naming system. Naming conventions in the cybersecurity space have long been a source of controversy, not only because different firms track the same groups slightly differently but also because of how companies sometimes mythologize the capabilities of threat actors. Jen Easterly, former director of the Cybersecurity and Infrastructure Security Agency, criticized some of the naming conventions during a 2024 speech at Black Hat, saying companies have almost made it seem like hacker groups have immortal superpowers.
NDTV
a day ago
- Politics
- NDTV
'Forest Blizzard', 'Fancy Bear': Cyber Companies Vs Hacker Nicknames
Washington: Microsoft, CrowdStrike, Palo Alto and Alphabet's Google on Monday said they would create a public glossary of state-sponsored hacking groups and cybercriminals, in a bid to ease confusion over the menagerie of unofficial nicknames for them. Microsoft and CrowdStrike said they hoped to potentially bring other industry partners and the U.S. government into the effort to identify Who's Who in the murky world of digital espionage. "We do believe this will accelerate our collective response and collective defense against these threat actors," said Vasu Jakkal, corporate vice president, Microsoft Security. How meaningful the effort ends up being remains to be seen. Cybersecurity companies have long assigned coded names to hacking groups, as attributing hackers to a country or an organization can be difficult and researchers need a way to describe who they are up against. Some names are dry and functional, like the "APT1" hacking group exposed by cybersecurity firm Mandiant or the "TA453" group tracked by Proofpoint. Others have more color and mystery, like the "Earth Lamia" group tracked by TrendMicro or the "Equation Group" uncovered by Kaspersky. Crowdstrike's evocative nicknames - "Cozy Bear" for a set of Russian hackers, or "Kryptonite Panda" for a set of Chinese ones - have tended to be the most popular, and others have also adopted the same kind of offbeat monikers. In 2016, for example, the company Secureworks - now owned by Sophos - began using the name "Iron Twilight" for the Russian hackers it previously tracked as "TG-4127." Microsoft itself recently revamped its nicknames, moving away from staid, element-themed ones like "Rubidium" to weather-themed ones like "Lemon Sandstorm" or "Sangria Tempest." But the explosion of whimsical aliases has already led to overload. When the U.S. government issued a report about hacking attempts against the 2016 election, it sparked confusion by including 48 separate nicknames attributed to a grab bag of Russian hacking groups and malicious programs, including "Sofacy," "Pawn Storm," "CHOPSTICK," "Tsar Team," and "OnionDuke." Michael Sikorski, the chief technology officer for Palo Alto's threat intelligence unit, said the initiative was a "game-changer." "Disparate naming conventions for the same threat actors create confusion at the exact moment defenders need clarity," he said. Juan-Andres Guerrero-Saade, a top researcher at the cybersecurity firm SentinelOne, was skeptical of the effort, saying the cold reality of the cybersecurity industry was that companies hoarded information. Unless that changed, he said, "this is branding-marketing-fairy dust sprinkled on top of business realities." But CrowdStrike Senior Vice President of counter adversary operations, Adam Meyers, said the move had already delivered a win by helping his analysts connect a group Microsoft called "Salt Typhoon" with one CrowdStrike dubbed "Operator Panda."
The Star
a day ago
- The Star
'Forest Blizzard' vs 'Fancy Bear' - cyber companies hope to untangle weird hacker nicknames
CrowdStrike logo is seen in this illustration taken July 29, 2024. REUTERS/Dado Ruvic/Illustration/File Photo WASHINGTON (Reuters) -Microsoft, CrowdStrike, Palo Alto and Alphabet's Google on Monday said they would create a public glossary of state-sponsored hacking groups and cybercriminals, in a bid to ease confusion over the menagerie of unofficial nicknames for them. Microsoft and CrowdStrike said they hoped to potentially bring other industry partners and the U.S. government into the effort to identify Who's Who in the murky world of digital espionage. 'We do believe this will accelerate our collective response and collective defense against these threat actors,' said Vasu Jakkal, corporate vice president, Microsoft Security. How meaningful the effort ends up being remains to be seen. Cybersecurity companies have long assigned coded names to hacking groups, as attributing hackers to a country or an organization can be difficult and researchers need a way to describe who they are up against. Some names are dry and functional, like the 'APT1' hacking group exposed by cybersecurity firm Mandiant or the 'TA453' group tracked by Proofpoint. Others have more color and mystery, like the 'Earth Lamia' group tracked by TrendMicro or the 'Equation Group' uncovered by Kaspersky. Crowdstrike's evocative nicknames - 'Cozy Bear' for a set of Russian hackers, or 'Kryptonite Panda' for a set of Chinese ones - have tended to be the most popular, and others have also adopted the same kind of offbeat monikers. In 2016, for example, the company Secureworks - now owned by Sophos - began using the name "Iron Twilight" for the Russian hackers it previously tracked as "TG-4127." Microsoft itself recently revamped its nicknames, moving away from staid, element-themed ones like 'Rubidium' to weather-themed ones like 'Lemon Sandstorm' or 'Sangria Tempest.' But the explosion of whimsical aliases has already led to overload. When the U.S. government issued a report about hacking attempts against the 2016 election, it sparked confusion by including 48 separate nicknames attributed to a grab bag of Russian hacking groups and malicious programs, including 'Sofacy,' 'Pawn Storm,' 'CHOPSTICK,' 'Tsar Team,' and 'OnionDuke.' Michael Sikorski, the chief technology officer for Palo Alto's threat intelligence unit, said the initiative was a 'game-changer.' 'Disparate naming conventions for the same threat actors create confusion at the exact moment defenders need clarity,' he said. Juan-Andres Guerrero-Saade, a top researcher at the cybersecurity firm SentinelOne, was skeptical of the effort, saying the cold reality of the cybersecurity industry was that companies hoarded information. Unless that changed, he said, "this is branding-marketing-fairy dust sprinkled on top of business realities." But CrowdStrikeSenior Vice President of counter adversary operations, Adam Meyers, said the move had already delivered a win by helping his analysts connect a group Microsoft called 'Salt Typhoon' with one CrowdStrike dubbed 'Operator Panda.' (Reporting by Raphael Satter, editing by Chris Sanders and Deepa Babington)
