Threat actor groups are known by a variety of colorful nicknames, with different security companies referring to the same threats under different taxonomies. In an effort to streamline the naming system, Microsoft, CrowdStrike, Palo Alto Networks, and Google will publish a shared glossary that maps the different aliases used for the same threat actor groups.
However, as Reuters reported, threat intelligence is often tied to proprietary research and brand reputation, which makes information sharing a sensitive subject among cybersecurity companies. Because of that, some experts question whether this initiative will meaningfully shift how companies collaborate.
Midnight Blizzard or Cozy Bear?
Different cybersecurity companies have chosen their naming systems for different reasons. Microsoft assigns weather-themed terms to classify threat actors, signaling factors like country of origin, type of activity, or whether the threat is newly emerging.
The same Russia-based group Microsoft calls Midnight Blizzard is known as Cozy Bear by CrowdStrike and has the more formal name APT29 at MITRE. Another threat actor group, based in Iran, is known variously as Mint Sandstorm, Phosphorus, Charming Kitten, and APT35.
To help bridge these naming conventions, Microsoft and CrowdStrike have begun mapping aliases for threat groups tracked by both companies.
“This effort isn’t about creating a single naming standard,” said Vasu Jakkal, corporate vice president of Microsoft Security, in a June 2 blog post. “Rather, it’s meant to help our customers and the broader security community align intelligence more easily, respond faster, and stay ahead of threat actors.”
Jakkal also described the glossary as a “starting point” to help organizations translate across multiple naming systems and coordinate security efforts more effectively.
While Microsoft and CrowdStrike will be the first two companies to contribute to the glossary, Google (and Mandiant, the cybersecurity firm it owns) and Palo Alto Networks’ Unit 42 threat research group are expected to share input at an undisclosed future date.
This doesn’t mean security companies will share all of their information
Reuters noted that in one 2016 case, a single hacker network was associated with 48 different nicknames, underscoring how disjointed attribution has become. By offering a cross-referenced list of aliases, the glossary could help defenders link related threat actors more quickly and accurately.
However, skepticism remains. SentinelOne Executive Director for Intelligence and Security Research Juan Andres Guerrero-Saade told Reuters the initiative looked like just “branding-marketing-fairy dust” on top of business as usual, since cybersecurity companies tend to hoard information.