"'Denim Tsunami' and 'Mulberry Typhoon': Microsoft Alters the Way It Names Hacking Groups"
Cybersecurity professionals need help remembering all the various names companies use to refer to threat actors. For example, some use a number system, while others use colors, animals, and adjectives such as "fancy" and "charming." Microsoft has announced that it is moving away from a taxonomy based on chemical elements to one that uses weather-themed names to classify hacking groups, adding yet another naming scheme. The tech giant outlined its new naming scheme, explaining that countries will be assigned weather conditions such as blizzard for Russia, sleet for North Korea, typhoon for China, and sandstorm for Iran, while specific groups within nations will be categorized by an adjective such as a color. An Iranian nation-state group will be renamed "Mint Sandstorm" after previously being referred to as "Phosphorus." Microsoft's John Lambert stated that the increasing complexity, scale, and volume of threats calls for reimagining not only how Microsoft communicates threats but also how the company enables customers to understand these threats quickly and with clarity. With the new taxonomy, consumers and security researchers who are already overwhelmed by threat intelligence data will be provided with more context. Lambert explained that the new system would enable them to better organize the threat groups they are tasked with monitoring and provide easier classification methods. Simply by reading the name, researchers and security teams will immediately have an idea about the type of threat actor they are facing. He added that Microsoft is currently tracking over 300 threat actors, including 160 nation-state groups, 50 ransomware gangs, and hundreds of other types of attackers. Using its new naming taxonomy, Microsoft has reclassified every actor it tracks. This article continues to discuss Microsoft's new naming scheme for threat actors.