Thursday, April 27, 2023

Wired looks at the names of hacker groups


[Why] did I find myself referring to them as "the hacker group known as Kimsuky, Emerald Sleet, or Velvet Chollima"? 


A few days ago, Microsoft's cybersecurity division announced it was changing the entire taxonomy of names it uses for the hundreds of hacker groups that it tracks. Instead of its previous system, which gave those organizations the names of elements—a fairly neutral, scientific-sounding system as these things go—it will now give hacker groups two-word names, including in their description a weather-based term indicating what country the hackers are believed to work on behalf of, as well as whether they're state-sponsored or criminal.

That means Phosphorus, an Iranian group that Microsoft reported this week has been targeting US critical infrastructure like seaports, energy companies, and transit systems, now has the less-than-fearsome name Mint Sandstorm.


Many of the new names sounded so absurd that I actually double-checked Microsoft hadn't published the new labeling system on April 1. Periwinkle Tempest. Pumpkin Sandstorm. Spandex Tempest. Gingham Typhoon. 

So many more names (and plenty of discussion about the merits of the naming systems).