Different countries and organizations have long used different names for the same hacker organizations and cybercriminals, leaving institutions and individuals confused about how those names relate to one another. Microsoft, CrowdStrike, Palo Alto Networks and Google will therefore jointly establish unified hacker naming principles, and they hope to attract more industry players and government agencies to join the cooperation.
In the past, many cybersecurity companies named the specific hacker groups they were tracking after their activities. Examples include "APT1," identified by Mandiant; "TA453," which Proofpoint continues to track; "Earth Lamia," tracked by Trend Micro; and "Equation Group," discovered by Kaspersky.
Other distinctive names include the Russian hacker group "Cozy Bear" and the Chinese hacker group "Kryptonite Panda," both tracked by CrowdStrike, and "Iron Twilight," tracked by Secureworks, which is the Russian hacker group previously tracked as "TG-4127." Microsoft used to name the hacker groups it tracks after chemical elements, such as "Rubidium," but recently switched to weather-themed names such as "Lemon Sandstorm" and "Sangria Tempest."
These names are usually assigned by individual companies, so the same group often goes by different names in different places and under different circumstances, which can create gaps in understanding. This is why Microsoft, CrowdStrike, Palo Alto Networks and Google will jointly establish hacker naming principles and are calling on more industry players and government agencies to join the cooperation.
The approach to mapping the different names for hacker organizations against one another includes proposing a list of targets for the industry to track jointly and recording how each company classifies those organizations, thereby establishing a corresponding list of names for easy identification.
However, Juan Andres Guerrero-Saade, executive director of intelligence and security research at cybersecurity company SentinelOne, expressed skepticism. He said that, in the harsh reality of competition in the cybersecurity industry, companies often accumulate security information as a competitive advantage. Jointly formulating a unified naming principle for hacker groups may therefore be driven only by brand image promotion and may not produce any real benefits.
