Latest news with #digitalespionage


Reuters
4 days ago
'Forest Blizzard' vs 'Fancy Bear' - cyber companies hope to untangle weird hacker nicknames
WASHINGTON, June 2 (Reuters) - Microsoft, CrowdStrike, Palo Alto (PANW.O) and Alphabet's (GOOGL.O) Google on Monday said they would create a public glossary of state-sponsored hacking groups and cybercriminals, in a bid to ease confusion over the menagerie of unofficial nicknames for them.

Microsoft (MSFT.O) and CrowdStrike (CRWD.O) said they hoped to potentially bring other industry partners and the U.S. government into the effort to identify Who's Who in the murky world of digital espionage.

'We do believe this will accelerate our collective response and collective defense against these threat actors,' said Vasu Jakkal, corporate vice president, Microsoft Security.

How meaningful the effort ends up being remains to be seen.

Cybersecurity companies have long assigned coded names to hacking groups, as attributing hackers to a country or an organization can be difficult and researchers need a way to describe who they are up against. Some names are dry and functional, like the 'APT1' hacking group exposed by cybersecurity firm Mandiant or the 'TA453' group tracked by Proofpoint. Others have more color and mystery, like the 'Earth Lamia' group tracked by TrendMicro or the 'Equation Group' uncovered by Kaspersky.

CrowdStrike's evocative nicknames - 'Cozy Bear' for a set of Russian hackers, or 'Kryptonite Panda' for a set of Chinese ones - have tended to be the most popular, and others have also adopted the same kind of offbeat monikers. In 2016, for example, the company Secureworks - now owned by Sophos - began using the name "Iron Twilight" for the Russian hackers it previously tracked as "TG-4127." Microsoft itself recently revamped its nicknames, moving away from staid, element-themed ones like 'Rubidium' to weather-themed ones like 'Lemon Sandstorm' or 'Sangria Tempest.'

But the explosion of whimsical aliases has already led to overload. When the U.S. government issued a report about hacking attempts against the 2016 election, it sparked confusion by including 48 separate nicknames attributed to a grab bag of Russian hacking groups and malicious programs, including 'Sofacy,' 'Pawn Storm,' 'CHOPSTICK,' 'Tsar Team,' and 'OnionDuke.'

Michael Sikorski, the chief technology officer for Palo Alto's threat intelligence unit, said the initiative was a 'game-changer.'

'Disparate naming conventions for the same threat actors create confusion at the exact moment defenders need clarity,' he said.

Juan-Andres Guerrero-Saade, a top researcher at the cybersecurity firm SentinelOne, was skeptical of the effort, saying the cold reality of the cybersecurity industry was that companies hoarded information. Unless that changed, he said, "this is branding-marketing-fairy dust sprinkled on top of business realities."

But CrowdStrike Senior Vice President of counter adversary operations, Adam Meyers, said the move had already delivered a win by helping his analysts connect a group Microsoft called 'Salt Typhoon' with one CrowdStrike dubbed 'Operator Panda.'


Times
22-05-2025
Denmark finds 'suspicious' components in key infrastructure imports
Danish firms have found 'suspicious' components added to east Asian circuit boards that were supposed to be built into the country's green energy infrastructure, according to an industry body.

It has raised concerns about the potential for remote disruption of the power supply or digital espionage, coming a week after the US claimed to have identified 'kill switches' in a consignment of solar panels and batteries from China.

So far the Danish authorities have been tight-lipped about the nature and apparent purpose of the extra electronics, as well as which country they had come from.

Green Power Denmark, an umbrella group for 1,500 Danish renewable technology companies, said the components from 'the East' had been