Unifying the Chaos: Microsoft and CrowdStrike Team Up to Create a Standardized Naming System for Notorious Hackers
As the threat landscape continues to evolve, cybersecurity experts are facing an unprecedented challenge in keeping track of the numerous hacking collectives, ransomware groups, and state-sponsored threat actors. Microsoft has taken a step towards addressing this issue by collaborating with CrowdStrike to develop a unified naming system for tracking the worst hackers around.
The new initiative aims to provide a standardized naming convention that will help save precious seconds when responding to cyberattacks. When each group has a single, consistent name, authorities, security experts, businesses, and security vendors can quickly identify and contain threats, reducing the risk of prolonged attacks and potential damage.
The inconsistent use of names for the same hacking groups is already causing confusion among cybersecurity professionals. For example, those tracking the Salt Typhoon group may also come across OPERATOR PANDA, GhostEmperor, and FamousSparrow – all referring to the same malicious entity. This inconsistency can lead to reduced confidence, complicate analysis, and delay response times.
As part of this collaboration, Microsoft has released a comprehensive reference guide that outlines its naming conventions, as well as other names given to notorious hacking groups by security vendors. The guide categorizes nation-state actors by geographic location using weather-themed names, such as Typhoon for China, Blizzard for Russia, and Storm for unidentified or unknown actors.
Other groups are tracked using weather event-themed names, including influence campaigns (Flood), financially motivated groups (Tempest), and commercial cyberweapon developers (Tsunami). This standardized naming system will provide a clear and concise way to communicate about the threat landscape, making it easier for security professionals to collaborate and share intelligence.
Google's Mandiant subsidiary and Palo Alto Networks Unit 42 will also be contributing to the mapping of hacking group names, further solidifying this initiative as a community-wide effort. Microsoft stated that "Security is a shared responsibility, requiring community-wide efforts to improve defensive measures." The company looks forward to collaborating with other security vendors to enhance the effectiveness of their defenses.
About the Author
Benedict has been writing about security issues for over 7 years, initially focusing on geopolitics and international relations. He holds a degree in BA Politics with Journalism from the University of Buckingham, achieving second-class honours (upper division), before pursuing a distinction in his MA Security, Intelligence, and Diplomacy studies. Benedict joined TechRadar Pro as a Staff Writer, shifting his focus towards cybersecurity to explore state-sponsored threat actors, malware, social engineering, and national security.
Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management. His in-depth knowledge of the industry enables him to provide insightful analysis and guidance for businesses and organizations seeking to enhance their cybersecurity posture.