Tech giants to launch public glossary to avoid confusion over hacking group codenames

Microsoft, CrowdStrike, Palo Alto Networks, and Google announced plans to create a public glossary of state-sponsored hacking groups and cybercriminals. The initiative aims to standardize the confusing and often whimsical nicknames used by cybersecurity firms to track digital adversaries.

For years, cybersecurity researchers have assigned their own codenames to hacking groups, often without coordination or consensus. Names range from the technical, like “APT1” and “TA453,” to the more imaginative, such as “Cozy Bear” and “Kryptonite Panda.” This inconsistent naming has caused confusion in the cybersecurity community, especially when multiple labels refer to the same threat actor.

“Names are how we make sense of the threat landscape and organize insights into known or likely cyberattacker behaviors. At Microsoft, we’ve published our own threat actor naming taxonomy to help researchers and defenders identify, share, and act on our threat intelligence, which is informed by the 84 trillion threat signals that we process daily,” Microsoft noted. “But the same actor that Microsoft refers to as Midnight Blizzard might be referred to as Cozy Bear, APT29, or UNC2452 by another vendor. Our mutual customers are always looking for clarity. Aligning the known commonalities among these actor names directly with peers helps to provide greater clarity and gives defenders a clearer path to action.”

The glossary, which the companies hope will eventually include contributions from other tech firms and the US government, seeks to create a unified “who’s who” in digital espionage.

The need for clarity became particularly urgent in recent years, as naming conventions multiplied. A 2016 US government report on Russian election interference cited 48 different nicknames for various hacking entities and tools, with many referring to the same actors.

Microsoft recently revamped its own naming system, adopting weather-themed labels like “Sangria Tempest” in place of older, element-based names like “Rubidium.” Similarly, Secureworks renamed “TG-4127” to the more memorable “Iron Twilight.”
