Microsoft has completely changed the names given to the hacker groups it monitors. But some of these new names are strange to say the least.

When you think of global cybercriminal groups, you imagine names that inspire danger or stealth. You probably think less often of names like “Caramel Tsunami”, “Mustard Storm” or “Blackberry Typhoon”.

Yet these are the names chosen by Microsoft. The company, which tracks dozens of cybercriminal groups around the world, has announced a complete review of the names it has given them until now, in a statement from April 20.

The LAPSUS$ group, which leaked images of GTA VI in the fall of 2022 and which Microsoft referred to as DEV-0537, becomes, for example, “Strawberry Storm”. The Sandworm group, which Microsoft associates with Russia and which is allegedly implicated in numerous attacks on Ukraine and on the campaign team of En Marche! in 2017, becomes “Blizzard of shells”.

More evocative names

The objective: to make the names of the groups more evocative. Historically, Microsoft referred to the top threats it tracked by chemical element names taken from the periodic table.

But unless you knew them all by heart, it could be hard to remember who was behind Barium (a group linked to China), not to be confused with Bohrium (a group linked to Iran) or Bromine (a group linked to Russia).

With this new taxonomy, each group is assigned a name that follows a very specific pattern: an adjective evoking a color, then the name of a weather phenomenon associated with a country or a specific objective. For example, the names of groups that Microsoft links to Iran will always include the word “sandstorm”, those linked to Russia the word “blizzard”, and those of groups that sell their software or services to the highest bidder the word “tsunami”.

Each group of hackers is designated by a weather phenomenon, depending on its objective or the country that supports it according to Microsoft. © Microsoft

But the choice of color can produce surprising combinations, particularly for names meant to designate criminal groups operating on a global scale.

“These names are just silly,” Rob Lee, founder of cybersecurity firm Dragos, told Wired.

He points out that the conclusions of cybersecurity companies can change over time, and that changing the names of hacker groups does not help. “Imagine the scene, ‘You were told it was “Dirty Mustard” and now it’s “Swirling Storm”.’ You’re like, ‘What the fuck?’”

“It will not help us to be taken seriously as a profession,” the executive laments.

And this change won’t solve all naming issues, because every cyber surveillance company calls the groups it investigates whatever it wants. The group “Phantom Blizzard”, formerly called “Bromine” by Microsoft, is also called “Energetic Bear” by other companies, or even… “Crouching Yeti”.
