

A few days ago, Microsoft's cybersecurity division announced it was changing the entire taxonomy of names it uses for the hundreds of hacker groups that it tracks. Instead of its previous system, which gave those organizations the names of elements (a fairly neutral, scientific-sounding system, as these things go), it will now give hacker groups two-word names, including in their description a weather-based term indicating what country the hackers are believed to work on behalf of, as well as whether they're state-sponsored or criminal.

That means Phosphorus, an Iranian group that Microsoft reported this week has been targeting US critical infrastructure like seaports, energy companies, and transit systems, now has the less-than-fearsome name Mint Sandstorm. Iridium, Russia's most aggressive and dangerous cyberwar-focused military hacker unit, more commonly known as Sandworm and responsible for multiple blackouts in Ukraine and the most destructive malware in history, now has the whimsical title of Seashell Blizzard. Barium, a team of Chinese hackers that's carried out more software-supply-chain attacks than perhaps any group worldwide, is now Brass Typhoon, a phrase that, I confess, I have a hard time separating from flatulence.

When I reached out to Microsoft about its new naming scheme, the head of its Threat Intelligence Center, John Lambert, explained the rationale behind the change: Microsoft's new names are more distinct, memorable, and searchable. In contrast to Lee's point about choosing neutral names, the Microsoft team wanted to give customers more context about hackers in the names, Lambert says, immediately identifying their nationality and motive. (Instances that are not yet fully attributed to a known group are given a temporary classifier, he notes.) Microsoft's team was also just running out of elements; there are, after all, only 118 of them. “We liked weather because it's a pervasive force, it's disruptive, and there's a kindred spirit because the study of weather over time involves improvement in sensors, data, and analysis,” says Lambert. “That's cybersecurity defenders' world, too.”

As for the adjectives preceding those meteorological terms, often the real source of the names' inadvertent comedy, they're chosen by analysts from a long list of words. Sometimes they have a semantic or phonetic connection to the hacker group, and sometimes they're random. “There's some origin story to each one,” Lambert says, “or it could just be a name out of a hat.”

There's a certain, stubborn logic behind the cybersecurity industry's ever-growing sprawl of hacker group handles. When a threat intelligence firm finds evidence of a new team of network intruders, it can't be sure it's seeing the same group that another company has already spotted and labeled, even if it does see familiar malware, victims, and command-and-control infrastructure shared between the two. If your competitor isn't sharing everything they see, it's better to make no assumptions and track the new hackers under your own name. So Sandworm becomes Telebots, and Voodoo Bear, and Hades, and Iron Viking, and Electrum, and (sigh) Seashell Blizzard, as every company's analysts get a different glimpse of the group's anatomy.

But, sprawl aside, did these names have to be quite so on-their-face ridiculous? To some degree, it may be wise to give names to hacker gangs that rob them of their malevolent glamour. Members of the Russian ransomware group EvilCorp, for instance, are not likely to be happy with Microsoft's rebranding them as Manatee Tempest. Did the Israeli hacker-for-hire mercenaries known as Candiru, who have sold their services to governments targeting journalists and human rights activists, really need to be renamed Caramel Tsunami, a brand befitting a Dunkin' beverage, and one that's already taken by a strain of cannabis? On the other hand, is it really appropriate to label a group of Iranian hackers that seeks to penetrate crucial elements of US civilian infrastructure Mint Sandstorm, as if they're an exotic flavor of air freshener? (The older name given to them by CrowdStrike, Charming Kitten, is certainly not any better.)

Kevin Mandia, one of the original hacker hunters and the founder and CEO of the cybersecurity firm Mandiant, captured this problem in a speech at the Cybersecurity Threat Intelligence Summit in 2018. “I've always wondered, how do you get into a boardroom and say, ‘Sir, I know you're breached. And you were hacked by Fluffy Snuggle Duck,’” Mandia said. Mandia concedes today that in the five years since his Fluffy Snuggle Duck comment, he's become more inured to the silly hacker group names.
