How Microsoft names threat actors: 60 Photos
FAQs
For nation-state actors, we have assigned a family name to a country/region of origin tied to attribution; for example, Typhoon indicates origin or attribution to China. For other actors, the family name represents a motivation. For example, Tempest indicates financially motivated actors.
SCATTERED SPIDER is known by various other names to different cybersecurity vendors who report on threat groups. This includes UNC3944 (Mandiant), Octo Tempest (Microsoft), 0ktapus (Group-IB), Muddled Libra (PAN Unit 42), and Scatter Swine (Okta).
Organizations within the cybersecurity community conducting APT research assign names/numbers to APTs upon discovery. Because more than one organization engages in APT research, and there may be overlaps among APTs, there can be multiple names for a single APT. There is no ultimate arbiter of APT naming conventions.
CrowdStrike and Mandiant use different naming conventions. Microsoft security rival CrowdStrike, for example, uses a two-part name based on criminals' motivation and national origin. “Fancy Bear,” “Voodoo Bear” and similar names come from the CrowdStrike system, which calls Russia-originated actors “Bears.”
The Actors' Equity Association (AEA) advises performers to select a name that is easy for others to pronounce, spell, and remember. Some performers, while paying great attention to their skills and abilities, give little thought to the difference that a well-thought-out name can make to their career.