Microsoft has announced that it will use weather-themed naming for advanced persistent threats (APTs) and other threat actors to better contextualize public APT disclosures. The new naming scheme is intended to provide better context to customers and security researchers facing an overwhelming amount of threat intelligence data.
The new taxonomy will categorize actors into nation-state, financially motivated, private sector cyber-mercenaries, influence operations, and groups in development, with specific countries linked to malware operations. This new approach will enable security professionals to quickly understand the type of threat actor they are facing.
Previously, Microsoft used an all-caps naming scheme based on chemical elements like ACTINIUM and IRIDIUM to describe nation-state and other advanced malware tracking activities. However, the company now claims that the complexity, scale, and volume of threats demand a new naming taxonomy.
The new naming scheme will provide a more organized, more memorable, and easier way to reference adversary groups so that organizations can prioritize threats and protect themselves more effectively.
Financially motivated actors will be called Tempest, while private sector offensive actors (PSOAs) will be described as Tsunami. Microsoft will name actors linked to influence operations as Flood and groups in development as Storm. The company aims to make it easier to identify and remember its threat actors with this new approach.
To help manage the transition, Microsoft has published guidance that maps the older chemical element naming scheme to the new taxonomy.