Microsoft and other security experts want a proper naming system for the worst hackers around
- Microsoft announces new threat actor name tracking partnership
- Microsoft and Crowdstrike have already cross-linked over 130 groups
- Tracking groups will now be easier, and help security vendors respond
If you’re struggling to keep track of all the different names each hacking collective, ransomware group, and state-sponsored threat actor has, you’re not alone.
Microsoft and Crowdstrike have announced a new collaboration to help create a unified naming system to track all the worst hacking groups.
The system will help save precious seconds when responding to cyberattacks by providing a unified naming system to be used by authorities, security experts, businesses, and security vendors.
Unified naming for hackers
Currently, if you were trying to track the activities of the Salt Typhoon group, you may also have to be aware of the others names used to track the same group, such as OPERATOR PANDA, GhostEmperor, and FamousSparrow. This inconsistency in naming “can reduce confidence, complicate analysis, and delay response,” Microsoft said.
As part of the collaboration, Microsoft has released a reference guide which not only lays out Microsoft’s naming conventions, but also includes other names given to the most notorious hacking groups by other security vendors.
This guide breaks down nation-state actors into their geographic location using weather-themed names as the suffix, such as Typhoon for China, and Blizzard for Russia.
Other groups, such as influence campaigns (Flood), financially motivated groups (Tempest), and commercial cyberweapon developers (Tsunami), are also tracked using weather event themed names.
Groups that do not have a known affiliation, motivation, or groups that have recently emerged are tracked as Storm.
Google and their Mandiant subsidiary will also be contributing to the mapping of hacking group names, alongside Palo Alto Networks Unit 42.
“Security is a shared responsibility, requiring community-wide efforts to improve defensive measures. We are excited to be teaming up with CrowdStrike and we look forward to others joining us on this journey,” Microsoft said.
You might also like
Microsoft announces new threat actor name tracking partnership Microsoft and Crowdstrike have already cross-linked over 130 groups Tracking groups will now be easier, and help security vendors respond If you’re struggling to keep track of all the different names each hacking collective, ransomware group, and state-sponsored threat actor has, you’re…
