Microsoft's new naming convention for threat groups sounds like an order at a cocktail bar
Strawberry Tempest, Night Tsunami, Aqua Blizzard or Circle Typhoon sound like something that you would order in a cocktail bar or a fancy coffee joint. These delicious-sounding constructs are, however, not the latest in-drinks at Starbucks, but the new names that Microsoft is using to describe threats and threat groups.
Microsoft announced the change today on its Microsoft 365 website. There, the company reveals how it is going to name threat actors and classify threats going forward. It has "shifted to a new naming taxonomy for threat actors aligned with the theme of weather" to "bring better clarity to customers and other security researchers".
The following naming convention is now used by Microsoft to classify threats coming from specific regions or having specific targets:
- Russia -- Blizzard
- China -- Typhoon
- Iran -- Sandstorm
- North Korea -- Sleet
- Turkey -- Dust
- Vietnam -- Cyclone
- Lebanon -- Rain
- South Korea -- Hail
- Financially Motivated -- Tempest
- Private sector offensive actor -- Tsunami
- Influence operations -- Flood
- Groups in development -- Storm
Threat actors are categorized into five key groups. Nation-state actors act "on behalf of or directed by a nation/state-aligned program, irrespective of whether for espionage, financial gain, or retribution", Microsoft notes. These continue to target "government agencies, intergovernmental organizations, non-governmental organizations, and think tanks" predominantly.
Microsoft's previous naming convention was rather chaotic, as it used elements or codes among other things to name threat actors. Ruby Sleet from North Korea was known as Cerium, Iran's Peach Sandstorm as Holmium, and the China-based Lilac Tempest as DEV-0234.
The new naming convention is more orderly. The second word of the name links it to one of the five key groups that Microsoft identified for these types of threats.
Microsoft explains: "In our new taxonomy, a weather event or family name represents one of the above categories. In the case of nation-state actors, we have assigned a family name to a country of origin tied to attribution, like Typhoon indicates origin or attribution to China. For other actors, the family name represents a motivation."
Security experts are torn when it comes to the new names. Phil Walker, CEO of Network Solutions Provider, told CRN that it would help customers understand threats better, even though some might feel that the names sound funny. Michael Goldstein, CEO of LAN Infotech, suggested that the new system could "downplay the seriousness of these threat actors or even give the actors a positive spin".
Security researchers and interested users can find the full list of new and previous names on Microsoft's website.
Microsoft has not revealed how it is going to classify nation-state actors that originate from a region or country outside of the eight that it has assigned codenames to already.
Now You: what is your take on this decision?
The alcohol is running through the tables and computer at Microsoft offices. Probably.
Figures, they also “forgot” a name for the American nation state hackers.
@Frankel +10, LOL
Why on earth does Microsoft feel this is relevant for the general public? They can do internally whatever they want, but why would anyone care whether you call Russia Russia, Blizzard, or Cyclone??? Am I missing something here?
Sounds like Microsoft has an obsession with the weather.
Russia gets “Blizzard” that’s pretty cool I can live with that :)
Nobody at Microsoft appears to be actively working on anything useful. They are merely fidgeting and pondering their next idiotic scheme. This will actually cause more confusion. Why make it harder? Call it what it really is. Microsoft is sometimes all I can think of as a modern parody.
This is the way the users totally get disorientated on the most confusing humankind can think of.
Well done Microsoft. You have become more dangerous than your opponent seen for the user side.
Why not call it easy peasy – Russian, financial, etc?