- Cybersecurity experts recommend we rethink the way we name attackers
- Names like Salt Typhoon and Fuzzy Bear are misleading, they argue
- Microsoft and CrowdStrike have agreed to align their naming conventions
A co-written article from former heads of the UK and USA cybersecurity agencies, Jen Easterly (CISA) and Ciaran Martin (NCSC), has called for the naming conventions of threat actors to be reconsidered, calling the current names ‘misleading’.
“These names aren’t just confusing—they’re misleading. They obscure attribution, mystify the public, and often glamorize dangerous adversaries,” the Just Security article urges.
“That’s why we welcome the news that cybersecurity leaders Microsoft and CrowdStrike are teaming up to better align how they name and categorize cyber threat actors.”
The latter sentence refers to a new strategic collaboration in which Microsoft and CrowdStrike will align in their threat actor taxonomies, which it hopes will help improve confidence in threat actor identification, ‘streamline correlation’ between reports, as well as ‘accelerate defender action in the face of active cyberthreats.’
Objectively ridiculous
Easterly and Martin believe while this collaboration will help, it won’t ‘fundamentally reform’ the naming convention in the way that’s needed.
“Here’s the problem: we still lack a shared, vendor-neutral, public taxonomy that enables global alignment and interoperability,” they added.
“In the meantime, we’re still using names that sound more like comic book characters than what they really are: nation-state hackers and cybercriminals actively trying to disrupt hospitals, paralyze governments, and hold businesses hostage.”
The security experts believe that giving cybercriminals names like ‘Scattered Spider’ or ‘Volt Typhoon’ contribute to a sort of brand identity for the groups, running de-facto marketing campaigns for them and misleading the public on the severity of the threats.
The article calls for security experts to stop naming groups in ways that ‘mystify, glamorize, or sanitize their nefarious activities’, and even goes as far as to call it an ‘objectively ridiculous way to inform the public’ about dangerous organized crime gangs.
Organizations like Scattered Spider have done serious damage and have disrupted public life in a measurable way, as it did with the alleged ransomware attack targeting British retailers – and their name should reflect the danger they pose.
“These actors don’t deserve clever names,” the article notes. “Calling them dirtbags would frankly be more appropriate, or if creative branding is aimed at making them more memorable, we’d suggest names like Scrawny Nuisance, Weak Weasel, Feeble Ferret, or Doofus Dingo.”
