When you think of global cybercriminal groups, you envision names that evoke danger or stealth, and probably not names like “Caramel Tsunami”, “Mustard Storm” or “Blackberry Typhoon”.
However, these are the names chosen by Microsoft. The company, which tracks dozens of cybercriminal groups around the world, announced a complete review of the names it had given them up to that point, in an April 20 press release.
The LAPSUS$ group, which had leaked GTA VI footage in the fall of 2022 and was referred to by Microsoft as DEV-0537, for example, became “Strawberry Storm.” The Sandworm group, which Microsoft associates with Russia and which is allegedly involved in numerous attacks against Ukraine and against the En Marche! campaign team in 2017, became “Blizzard of shells”.
More evocative names
The objective: to make the names of the groups more suggestive. Historically, Microsoft referred to the top threats it tracked by chemical element names taken from the periodic table.
But unless you know them all by heart, it might be hard to remember who was behind Barium (a China-linked group), not to be confused with Bohrium (an Iran-linked group) or Bromine (a Russia-linked group).
With this new taxonomy, each group is assigned a name that follows a very specific pattern: an adjective evoking a color, then the name of a weather phenomenon associated with a specific country or target. For example, the names of groups that Microsoft links to Iran will always include the word “sandstorm,” those linked to Russia the word “blizzard,” and those of groups that sell their software or services to the highest bidder the word “tsunami.”
But the choice of color can produce surprising associations, particularly in names that designate criminal groups operating on a global scale.
He points out that the conclusions of cybersecurity companies can change over time, and that changing the names of hacker groups doesn’t help. “Imagine the scene: they told you it was ‘Dirty Mustard,’ and now it’s ‘Swirling Storm.’ You’re like, ‘What the hell?’”
And this change won’t solve all naming problems, because each cyber surveillance company names the groups it investigates however it wants. The “Phantom Blizzard” group, formerly called “Bromine” by Microsoft, is also called “Energetic Bear” by other companies, or even… “Crouching Yeti”.
Source: BFM TV
