MoonageDaydream.Film » Actors » How microsoft names threat actors

How microsoft names threat actors: 60 Photos

Microsoft Threat Actor Naming Changes

Microsoft Threat Actor Naming Changes....

Views: 100
Youtube - @Microsoft EDU Security Office Hours

FAQs

For nation-state actors, we have assigned a family name to a country/region of origin tied to attribution, like Typhoon indicates origin or attribution to China. For other actors, the family name represents a motivation. For example, Tempest indicates financially motivated actors.
SCATTERED SPIDER is known by various other names to different cybersecurity vendors who report on threat groups. This includes UNC3944 (Mandiant), Octo Tempest (Microsoft), 0ktapus (Group-IB), Muddled Libra (PAN Unit 42), and Scatter Swine (Okta).
Organizations within the cybersecurity community conducting APT research assign names/numbers to APTs upon discovery. Because more than one organization engages in APT research, and there may be overlaps among APTs, there can be multiple names for a single APT. There is no ultimate arbiter of APT naming conventions.
CrowdStrike and Mandiant use different naming conventions. Microsoft security rival CrowdStrike, for example, uses a two-part name based on criminals' motivation and national origin. “Fancy Bear,” “Voodoo Bear” and similar names come from the CrowdStrike system, which calls Russia-originated actors “Bears.”
The Actors' Equity Association (AEA) advises performers to select a name that is easy for others to pronounce, spell, and remember. Some performers, while paying great attention to their skills and abilities, give little thought to the difference that a well-thought-out name can make to their career.