Merge pull request #3549 from MicrosoftDocs/main

aditisrivastava07 · web-flow · commit af2cd426af15 · 2025-04-23T11:04:49.000+05:30
[AutoPublish] main to live - 04/22 22:32 PDT | 04/23 11:02 IST
diff --git a/unified-secops-platform/microsoft-threat-actor-naming.md b/unified-secops-platform/microsoft-threat-actor-naming.md
@@ -17,7 +17,7 @@ ms.custom:
 - cx-ti
 ms.topic: conceptual
 search.appverid: met150
-ms.date: 3/5/2025
+ms.date: 4/22/2025
 ---
 
 # How Microsoft names threat actors
@@ -59,6 +59,7 @@ The following table lists publicly disclosed threat actor names with their origi
 |Amethyst Rain|Lebanon|Volatile Cedar|
 |[Antique Typhoon](https://www.microsoft.com/en-us/security/blog/2023/07/14/analysis-of-storm-0558-techniques-for-unauthorized-email-access/)|China|Storm-0558|
 |[Aqua Blizzard](https://www.microsoft.com/en-us/security/blog/2022/02/04/actinium-targets-ukrainian-organizations/)|Russia|ACTINIUM, Gamaredon, Armageddon, UNC530, shuckworm, SectorC08, Primitive Bear|
+|Berry Sandstorm|Iran|Storm-0852|
 |Blue Tsunami|Israel, Private sector offensive actor||
 |Brass Typhoon|China|BARIUM, APT41|
 |Brocade Typhoon|China|BORON, UPS, Gothic Panda, APT3, OLDCARP, TG-0110, Red Sylvan, CYBRAN|
@@ -125,7 +126,7 @@ The following table lists publicly disclosed threat actor names with their origi
 |Pumpkin Sandstorm|Iran|DEV-0146|
 |Purple Typhoon|China|POTASSIUM, GOLEM, Evilgrab, AEON, LIVESAFE, ChChes, APT10, Haymaker, Webmonder, STONE PANDA, Foxtrot, Foxmail, MenuPass, Red Apollo|
 |Raspberry Typhoon|China|RADIUM, LotusBlossom, APT30|
-|Red Sandstorm|Iran|Void Manticore|
+|Red Sandstorm|Iran|Void Manticore, Storm-0842|
 |Ruby Sleet|North Korea|CERIUM|
 |Ruza Flood|Russia, Influence operations||
 |Salmon Typhoon|China|SODIUM, APT4, MAVERICK PANDA|
@@ -147,6 +148,7 @@ The following table lists publicly disclosed threat actor names with their origi
 |Storm-0247|China|ToddyCat, Websiic|
 |Storm-0288|Group in development|FIN8|
 |Storm-0302|Group in development|Narwhal Spider, TA544|
+|[Storm-0408](https://www.microsoft.com/en-us/security/blog/2025/03/06/malvertising-campaign-leads-to-info-stealers-hosted-on-github/)|Group in development||
 |[Storm-0501](https://www.microsoft.com/en-us/security/blog/2024/07/29/ransomware-operators-exploit-esxi-hypervisor-vulnerability-for-mass-encryption/)|Financially motivated|DEV-0501|
 |Storm-0538|Group in development|FIN6|
 |[Storm-0539](https://www.microsoft.com/en-us/security/blog/2024/05/23/cyber-signals-inside-the-growing-risk-of-gift-card-fraud/)|Financially motivated||
@@ -163,6 +165,7 @@ The following table lists publicly disclosed threat actor names with their origi
 |[Storm-1674](https://www.microsoft.com/en-us/security/blog/2023/12/28/financially-motivated-threat-actors-misusing-app-installer/)|Financially motivated||
 |[Storm-1679](https://blogs.microsoft.com/on-the-issues/2024/09/17/russian-election-interference-efforts-focus-on-the-harris-walz-campaign/)|Influence operations||
 |[Storm-1811](https://www.microsoft.com/en-us/security/blog/2024/05/15/threat-actors-misusing-quick-assist-in-social-engineering-attacks-leading-to-ransomware/)|Financially motivated||
+|[Storm-1865](https://www.microsoft.com/en-us/security/blog/2025/03/13/phishing-campaign-impersonates-booking-com-delivers-a-suite-of-credential-stealing-malware/)|Group in development||
 |Storm-1982|China|SneakyCheff, UNK_SweetSpecter|
 |[Storm-2035](https://cdn-dynmedia-1.microsoft.com/is/content/microsoftcorp/microsoft/final/en-us/microsoft-brand/documents/5bc57431-a7a9-49ad-944d-b93b7d35d0fc.pdf)|Iran, Influence operations||
 |[Storm-2077](https://www.microsoft.com/en-us/security/blog/2024/11/22/microsoft-shares-latest-intelligence-on-north-korean-and-chinese-threat-actors-at-cyberwarcon/#storm-2077)|China|TAG-100|
@@ -180,6 +183,7 @@ The following table lists publicly disclosed threat actor names with their origi
 |[Volt Typhoon](https://www.microsoft.com/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques)|China|BRONZE SILHOUETTE, VANGUARD PANDA|
 |Wheat Tempest|Financially motivated|GOLD, Gatak|
 |Wisteria Tsunami|India, Private sector offensive actor|DEV-0605|
+|Yulong Flood|China,, Influence operations|Storm-1852|
 |Zigzag Hail|South Korea|DUBNIUM, Nemim, TEMPLAR, TieOnJoe, Fallout Team, Purple Pygmy, Dark Hotel, Egobot, Tapaoux, PALADIN, Darkhotel|
 
 Read our announcement about this taxonomy for more information: [https://aka.ms/threatactorsblog](https://aka.ms/threatactorsblog)
