Microsoft starts using names of weather events to name hackers

By: Dmitro Koval | 19.04.2023, 21:39

In an update to its naming taxonomy, Microsoft has begun naming hacker groups after weather events, such as a storm, typhoon or blizzard. This means, for example, that the Lapsus$ hacker group, which has attacked companies such as Nvidia, Samsung, and Microsoft, will now be called Strawberry Tempest.

Here's What We Know

The new taxonomy will include five key groups for classifying cybersecurity threats: nation-state actors, financially motivated actors, private sector offensive actors (PSOAs), influence operations, and emerging groups. If a new cybersecurity threat is unidentified or from an unknown source, Microsoft will assign it a temporary designation of "Storm" and a four-digit number instead of the previous "DEV" name.

In addition, nation-state hackers will be named after specific weather events to indicate their origin. For example, Chinese hackers will be called "Typhoon" and Iranian hackers will be called "Sandstorm". The Russian group Cozy Bear, which is known for hacking into the systems of the Republican and Democratic National Committees, will now be known as Midnight Blizzard instead of its previous name, NOBELIUM.

Financially motivated hacker groups will be called Tempest, and PSOAs will be called Tsunami. Influence operations will be named after floods. The previous approach to naming threats will be abandoned in favour of the new taxonomy.

Microsoft tracks more than 160 nation-state hacker groups, 50 ransomware groups, 300 unique threat actors, and hundreds of other hackers, along with a community of cybersecurity professionals who use other names for hacker groups.

Source: The Verge