Microsoft has overhauled its naming system for cyber threat operations, with hacking groups now named after weather events, reports The Verge.
Nation-state hacking groups will be named according to their country of origin: Russian attackers receive the 'Blizzard' moniker and Chinese attackers 'Typhoon', while those from Iran and North Korea will be designated 'Sandstorm' and 'Sleet', respectively. Under the new naming scheme, Russian state-sponsored threat group Cozy Bear will now be tracked as Midnight Blizzard.
Financially motivated threat operations will receive the 'Tempest' name, with the Lapsus$ hacking group now referred to as Strawberry Tempest. The 'Tsunami' name has been given to private sector offensive actors, while 'Flood' refers to influence operations.
Meanwhile, new or unknown attackers will be given the 'Storm' designation along with a four-digit number.
"We realize that other vendors in the industry also have unique naming taxonomies representing their distinct view of threats based on their intelligence. Therefore, we will strive to also include other threat actor names within our security products to reflect these analytic overlaps and help customers make well-informed decisions," said Microsoft Corporate Vice President of Threat Intelligence.