Microsoft Names Threat Actors
10 months ago
- #Microsoft
- #threat-actors
- #cybersecurity
- Microsoft uses a weather-themed taxonomy to categorize threat actors for clarity and ease of reference.
- Threat actors are divided into five groups: Nation-state actors, Financially motivated actors, Private sector offensive actors (PSOAs), Influence operations, and Groups in development.
- Nation-state actors are cyber operators acting on behalf of a nation-state, focusing on espionage, financial gain, or retribution.
- Financially motivated actors are criminal groups focused on financial gain through ransomware, phishing, and other extortion methods.
- PSOAs are commercial entities that create and sell cyberweapons, targeting dissidents, journalists, and human rights defenders.
- Influence operations manipulate perceptions and behaviors to further a group's or nation's interests.
- Groups in development are emerging threats tracked until they can be classified or merged with existing groups.
- Each category is assigned a weather family name (e.g., Typhoon for China, Tempest for financially motivated actors).
- Threat actors within the same family are distinguished by adjectives based on tactics, techniques, and procedures (TTPs).
- Microsoft provides detailed mappings of threat actor names, origins, and aliases for better identification and tracking.
- Resources include Kusto Query Language (KQL) queries and comprehensive mapping files for threat actor names.