Microsoft and other security experts want a proper naming system for the worst hackers around

News
By published

Microsoft and friends want to making naming criminal groups easier

Global Warning. Alert Sign On World Map
(Image credit: Shutterstock)
  • Microsoft announces new threat actor name tracking partnership
  • Microsoft and Crowdstrike have already cross-linked over 130 groups
  • Tracking groups will now be easier, and help security vendors respond

If you’re struggling to keep track of all the different names each hacking collective, ransomware group, and state-sponsored threat actor has, you’re not alone.

Microsoft and Crowdstrike have announced a new collaboration to help create a unified naming system to track all the worst hacking groups.

The system will help save precious seconds when responding to cyberattacks by providing a unified naming system to be used by authorities, security experts, businesses, and security vendors.

Article continues below

Unified naming for hackers

Currently, if you were trying to track the activities of the Salt Typhoon group, you may also have to be aware of the others names used to track the same group, such as OPERATOR PANDA, GhostEmperor, and FamousSparrow. This inconsistency in naming “can reduce confidence, complicate analysis, and delay response,” Microsoft said.

As part of the collaboration, Microsoft has released a reference guide which not only lays out Microsoft’s naming conventions, but also includes other names given to the most notorious hacking groups by other security vendors.

This guide breaks down nation-state actors into their geographic location using weather-themed names as the suffix, such as Typhoon for China, and Blizzard for Russia.

Other groups, such as influence campaigns (Flood), financially motivated groups (Tempest), and commercial cyberweapon developers (Tsunami), are also tracked using weather event themed names.

Groups that do not have a known affiliation, motivation, or groups that have recently emerged are tracked as Storm.

Google and their Mandiant subsidiary will also be contributing to the mapping of hacking group names, alongside Palo Alto Networks Unit 42.

“Security is a shared responsibility, requiring community-wide efforts to improve defensive measures. We are excited to be teaming up with CrowdStrike and we look forward to others joining us on this journey,” Microsoft said.

You might also like

Benedict Collins
Benedict Collins
Senior Writer, Security

Benedict is a Senior Security Writer at TechRadar Pro, where he has specialized in covering the intersection of geopolitics, cyber-warfare, and business security.

Benedict provides detailed analysis on state-sponsored threat actors, APT groups, and the protection of critical national infrastructure, with his reporting bridging the gap between technical threat intelligence and B2B security strategy.

Benedict holds an MA (Distinction) in Security, Intelligence, and Diplomacy from the University of Buckingham Centre for Security and Intelligence Studies (BUCSIS), with his specialization providing him with a robust academic framework for deconstructing complex international conflicts and intelligence operations, and the ability to translate intricate security data into actionable insights.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.