@@ -17,7 +17,7 @@ ms.custom:
1717- cx-ti
1818ms.topic : conceptual
1919search.appverid : met150
20- ms.date : 12/19/2024
20+ ms.date : 3/5/2025
2121---
2222
2323# How Microsoft names threat actors
@@ -108,6 +108,7 @@ The following table lists publicly disclosed threat actor names with their origi
108108| [ Moonstone Sleet] ( https://www.microsoft.com/en-us/security/blog/2024/05/28/moonstone-sleet-emerges-as-new-north-korean-threat-actor-with-new-bag-of-tricks/ ) | North Korea| Storm-1789|
109109| Mulberry Typhoon| China| MANGANESE, Backdoor-DPD, COVENANT, CYSERVICE, Bottle, Red Horus, Red Naga, Auriga, KEYHOLE PANDA, APT5, ATG48, TG-2754, tabcteng|
110110| Mustard Tempest| Financially motivated| DEV-0206|
111+ | [ Neva Flood] ( (https://blogs.microsoft.com/on-the-issues/2024/09/17/russian-election-interference-efforts-focus-on-the-harris-walz-campaign/) ) | Russia, Influence operations| Storm-1516|
111112| Night Tsunami| Israel| DEV-0336|
112113| Nylon Typhoon| China| NICKEL, Playful Dragon, RedRiver, ke3chang, VIXEN PANDA, APT15, Mirage|
113114| [ Octo Tempest] ( https://www.microsoft.com/en-us/security/blog/2023/10/25/octo-tempest-crosses-boundaries-to-facilitate-extortion-encryption-and-destruction/ ) | Financially motivated| 0ktapus, Scattered Spider|
@@ -124,6 +125,7 @@ The following table lists publicly disclosed threat actor names with their origi
124125| Pumpkin Sandstorm| Iran| DEV-0146|
125126| Purple Typhoon| China| POTASSIUM, GOLEM, Evilgrab, AEON, LIVESAFE, ChChes, APT10, Haymaker, Webmonder, STONE PANDA, Foxtrot, Foxmail, MenuPass, Red Apollo|
126127| Raspberry Typhoon| China| RADIUM, LotusBlossom, APT30|
128+ | Red Sandstorm| Iran| Void Manticore|
127129| Ruby Sleet| North Korea| CERIUM|
128130| Ruza Flood| Russia, Influence operations||
129131| Salmon Typhoon| China| SODIUM, APT4, MAVERICK PANDA|
@@ -135,7 +137,7 @@ The following table lists publicly disclosed threat actor names with their origi
135137| [ Secret Blizzard] ( https://www.microsoft.com/en-us/security/blog/2024/12/04/frequent-freeloader-part-i-secret-blizzard-compromising-storm-0156-infrastructure-for-espionage/ ) | Russia| KRYPTON, VENOMOUS BEAR, Uroburos, Snake, Blue Python, Turla, WRAITH, ATG26|
136138| Sefid Flood| Iran, Influence operations||
137139| Shadow Typhoon| China| DarkShadow, Oro0lxy|
138- | Silk Typhoon| China| HAFNIUM, timmy|
140+ | [ Silk Typhoon] ( https://www.microsoft.com/en-us/security/blog/tag/silk-typhoon-hafnium/ ) | China| HAFNIUM, timmy|
139141| Smoke Sandstorm| Iran| UNC1549|
140142| Spandex Tempest| Financially motivated| TA505|
141143| Spotted Sandstorm|| NEODYMIUM, BlackOasis|
@@ -157,7 +159,6 @@ The following table lists publicly disclosed threat actor names with their origi
157159| [ Storm-1152] ( https://blogs.microsoft.com/on-the-issues/2023/12/13/cybercrime-cybersecurity-storm-1152-fraudulent-accounts/ ) | Financially motivated||
158160| [ Storm-1175] ( https://www.microsoft.com/en-us/security/blog/2024/07/29/ransomware-operators-exploit-esxi-hypervisor-vulnerability-for-mass-encryption/ ) | China, Financially motivated||
159161| Storm-1194| Group in development| MONTI|
160- | [ Storm-1516] ( https://blogs.microsoft.com/on-the-issues/2024/09/17/russian-election-interference-efforts-focus-on-the-harris-walz-campaign/ ) | Russia, Influence operations||
161162| [ Storm-1567] ( https://www.microsoft.com/en-us/security/blog/2023/10/11/automatic-disruption-of-human-operated-attacks-through-containment-of-compromised-user-accounts/ ) | Financially motivated||
162163| [ Storm-1674] ( https://www.microsoft.com/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/ ) | Financially motivated||
163164| [ Storm-1679] ( https://blogs.microsoft.com/on-the-issues/2024/09/17/russian-election-interference-efforts-focus-on-the-harris-walz-campaign/ ) | Influence operations||
0 commit comments