Microsoft Security Nomenclature Switches to Bad Weather Naming Scheme -- Redmondmag.com

Microsoft Security Nomenclature Switches to Bad Weather Naming Scheme

By Kurt Mackie
04/19/2023

Microsoft announced this week that it has scrapped its security threat nomenclature for a new weather-themed one.

The new approach has a kind of hierarchy and includes weather icons to quickly identify the overall threat family that's involved. The new scheme includes:

Threat-actor categories, namely "nation states," "financially motivated" (criminals), "private sector offensive actors" (legal corporations that sell spyware or malware), "influence operations" (propagandists) and "groups in development" (new or unknown actors)
Threat-actor types (such as the names of nations involved in cyberattacks or espionage), and
Threat-actor family names.

It's the threat-actor family name that gets the new bad weather-associated naming scheme, along with bad weather icons. Microsoft now tags China as "Typhoon," Iran as "Sandstorm" and "Russia as "Blizzard," for instance.

Microsoft also will affix an adjective before the family name to designate some particular group in a threat-actor family. These adjectives seem to be either food names or color names. The scheme is already in effect for Iran with this Microsoft April 18 post on "Mint Sandstorm," a nation-state threat group that Microsoft used to call "Phosphorus."

Microsoft described Mint Sandstorm as becoming more adept at exploiting published proof-of-concept vulnerabilities to target "private and public sectors." Microsoft explained that "Mint Sandstorm is a composite name used to describe several subgroups of activity with ties to the same organizational structure," principally Iran's military intelligence.

The stepped-up activity of Mint Sandstorm was said to be a reaction to cyberattacks on Iranian seaports and transport sectors that the Iranian government blamed on the Israel and the United States. Oddly, Microsoft's new weather-themed threat-actor nomenclature did not show names for Israel and the United States. Multiple other countries that may engage in cyberattacks also weren't included in Microsoft new naming scheme.

In any case, Microsoft's older naming scheme for threat actors has already been replaced. "The naming approach we have used previously (Elements, Trees, Volcanoes, and DEVs) has been retired," the announcement indicated.

Microsoft provides a table for befuddled security researchers trying to learn the new threat group names, compared with Microsoft's older scheme, in this document. The new name combinations can become somewhat interesting, such as "Spandex Tempest" for an older "Chimborazo" appellation and "Violet Typhoon" for "Zirconium" (China).

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

Multi-Tenant Organization Hooks Released for Microsoft 365

Microsoft Entra ID's new multi-tenant organization capabilities have reached general availability (GA).
Real-World Ransomware Recovery

Here's how I was (mostly) successful in recovering a family PC infected with malware.
Microsoft Launches Small AI Models Family Phi-3

Recognizing that bigger isn't always better, Microsoft has released its smallest open AI models to date, Phi-3.
Microsoft and OpenAI Continue Global AI Expansions

Microsoft and OpenAI each continued their global expansion this month, with the announcements of new infrastructure investments and service rollouts in new regions, like Asia and the Middle East.
Cisco Warns of Brute Force Attacks Targeting VPNs and Firewalls

Cisco has revealed that a global increase in brute force attacks targeting Virtual Private Networks (VPNs) and other devices is currently taking place.