• tal@lemmy.today
    3 months ago

    Russia is not alone in its activity. Microsoft also saw efforts by a China-linked group, known as Storm-1852

    rolls eyes

    You give them a cool name, you make them sound cool.

    Just do the plain ol’ number thing. Let them do their own marketing work if they want marketing.

    https://www.infosecurityeurope.com/en-gb/blog/threat-vectors/understanding-threat-actor-naming-conventions.html

    While APT43’s link with the North Korean government was confirmed for the first time in the Mandiant report, the threat actor was already known by threat analysts under other names, such as Thallium, Kimsuky, Velvet Chollima, Black Banshee and STOLEN PENCIL.

    This confusion comes down to each cyber threat intelligence (CTI) vendor operating its own attribution process for cyber-attacks – something we recently investigated on Infosecurity Magazine.

    The most prominent threat group name is the Advanced Persistent Threat (APT). Commonly used by the whole CTI community, including US non-profit organization MITRE, which provides a standardized framework for tactics, techniques and procedures (TTPs), APT groups refer to clusters of sophisticated threat actors sponsored by, or acting on behalf of a government.

    With geopolitical rather than financial motivations, APT groups typically operate cyber espionage campaigns and destructive cyber-attacks.

    Once a threat actor has been confirmed to be a coherent group of hackers backed by a nation-state, the threat analysts who lead the cyber attribution allocate it a new APT number – the latest being APT43.

    Other ‘sober’ naming conventions exist, consisting of codenames and numbers only. For example, APT-C groups are Chinese cybersecurity vendor 360 Security Technology’s equivalent to APT groups. APT-C numbers are sometimes used by other vendors.

    Others, like MITRE’s G[XXX] (e.g. G1002) or SecureWorks’ legacy TG-[XXXX] (e.g. TG-3279), are mere identification numbers and their names do not reveal anything about the threat actor.

    “We use a sober, or even dull, naming convention because we don’t want to glamorise those groups,” Collier added.

    What is this, a Microsoft naming scheme?

    kagis

    Sounds like it.

    https://blogs.microsoft.com/on-the-issues/2024/09/17/russian-election-interference-efforts-focus-on-the-harris-walz-campaign/

    A Chinese-linked influence actor Microsoft tracks as Storm-1852 successfully pivoted to short-form video content that criticizes the Biden administration and Harris campaign before some of its assets disappeared from social media following reports of its activity. While most Storm-1852 personas masquerade as conservative US voters voting for Trump, a handful of accounts also create anti-Trump content and use political slogans and hashtags associated with American progressive politics.

    • Grimy@lemmy.world
      3 months ago

      I’d rather they give them derogatory names.

      Useless_tools-1852 has a nice ring to it.

      • themeatbridge@lemmy.world
        3 months ago

        The scary-cool name is there to help defenders take it seriously. If you give them a stupid name, elected leaders, business executives, and military leaders won’t take them seriously. It also becomes easier to tell them apart, and create identities. Who do they like to attack, how do they operate, what level of threat do they pose, etc. And then of course it sounds more impressive when you defeat them. Batman doesn’t get any respect for beating Condiment Man, but if he takes down Darkseid, people take notice.

      • tal@lemmy.today
        3 months ago

        looks at list

        Microsoft’s list of allocated names apparently includes:

        • Crimson Sandstorm

        • Diamond Sleet

        • Ghost Blizzard

        • Leopard Typhoon

        • Luna Tempest

        • Night Tsunami

        • Silk Typhoon

        • Star Blizzard

        This does not pass my basic sniff test of being able to tell whether a name is a group from a hostile intelligence agency or the latest Razer gaming product, a cyberpunk video game gang name, or a video gaming guild name.

        https://robinpiree.com/blog/guild-names

        • Twilight Vanguard

        • Crimson Shadows

        That’s too similar in my book.