@@ -6,16 +6,16 @@ ms.service: defender-xdr
66ms.mktglfcycl : secure
77ms.sitesec : library
88ms.localizationpriority : medium
9- ms.author : vpattnaik
10- author : diannegali
9+ ms.author : diannegali
10+ author : vpattnaik
1111manager : dansimp
1212audience : ITPro
1313ms.collection :
1414- m365-security
1515- tier2
1616ms.topic : conceptual
1717search.appverid : met150
18- ms.date : 06/12 /2024
18+ ms.date : 08/19 /2024
1919---
2020
2121# How Microsoft names threat actors
@@ -54,6 +54,7 @@ Use the following reference table to understand how our previously publicly disc
5454
5555| Threat actor name| Previous name| Origin/Threat| Other names|
5656| :---:| :---:| :---:| :---:|
57+ | Antique Typhoon| Storm-0558| China||
5758| Aqua Blizzard| ACTINIUM| Russia| UNC530, Primitive Bear, Gamaredon|
5859| Blue Tsunami|| Private sector offensive actor| Black Cube|
5960| Brass Typhoon| BARIUM| China| APT41|
@@ -97,7 +98,7 @@ Use the following reference table to understand how our previously publicly disc
9798| Night Tsunami| DEV-0336| Private sector offensive actor| NSO Group|
9899| Nylon Typhoon| NICKEL| China| ke3chang, APT15, Vixen Panda|
99100| Octo Tempest| Storm-0875| Financially motivated| 0ktapus, Scattered Spider, UNC3944|
100- | Onyx Sleet| PLUTONIUM| North Korea| Silent Chollima, Andariel, DarkSeoul|
101+ | Onyx Sleet| PLUTONIUM| North Korea| APT45, Silent Chollima, Andariel, DarkSeoul|
101102| Opal Sleet| OSMIUM| North Korea| Konni|
102103| Peach Sandstorm| HOLMIUM| Iran| APT33, Refined Kitten|
103104| Pearl Sleet| DEV-0215 (LAWRENCIUM)| North Korea||
@@ -110,13 +111,15 @@ Use the following reference table to understand how our previously publicly disc
110111| Purple Typhoon| POTASSIUM| China| APT10, Cloudhopper, MenuPass|
111112| Raspberry Typhoon| RADIUM| China| APT30, LotusBlossom|
112113| Ruby Sleet| CERIUM| North Korea||
114+ | Ruza Flood| Storm-1099| Russia, Influence operations||
113115| Salmon Typhoon| SODIUM| China| APT4, Maverick Panda|
114116| Sangria Tempest| ELBRUS| Financially motivated| Carbon Spider, FIN7|
115117| Sapphire Sleet| COPERNICIUM| North Korea| Genie Spider, BlueNoroff|
116118| Seashell Blizzard| IRIDIUM| Russia| APT44, Sandworm|
117119| Secret Blizzard| KRYPTON| Russia| Venomous Bear, Turla, Snake|
120+ | Sefid Flood| Storm-1364| Iran, Influence operations||
118121| Silk Typhoon| HAFNIUM| China||
119- | Smoke Sandstorm| BOHRIUM| Iran||
122+ | Smoke Sandstorm| BOHRIUM| Iran| UNC1549 |
120123| Spandex Tempest| CHIMBORAZO| Financially motivated| TA505|
121124| Star Blizzard| SEABORGIUM| Russia| Callisto, Reuse Team|
122125| Storm-0062|| China| DarkShadow, Oro0lxy|
@@ -125,23 +128,24 @@ Use the following reference table to understand how our previously publicly disc
125128| Storm-0257|| Group in development| UNC1151|
126129| Storm-0324|| Financially motivated| TA543, Sagrid|
127130| Storm-0381|| Financially motivated||
131+ | Storm-0501|| Group in development||
132+ | Storm-0506|| Group in development||
128133| Storm-0530|| North Korea| H0lyGh0st|
129134| Storm-0539|| Financially motivated| Atlas Lion|
130- | Storm-0558|| China||
131135| Storm-0569|| Financially motivated||
132136| Storm-0587|| Russia| SaintBot, Saint Bear, TA471|
133137| Storm-0744|| Financially motivated||
134138| Storm-0784|| Iran||
135139| Storm-0829|| Group in development| Nwgen Team|
136140| Storm-0835|| Group in development| EvilProxy|
137141| Storm-0842|| Iran||
142+ | Storm-0844|| Group in development||
138143| Storm-0861|| Iran||
139144| Storm-0867|| Egypt| Caffeine|
140145| Storm-0971|| Financially motivated| (Merged into Octo Tempest)|
141146| Storm-0978|| Group in development| RomCom, Underground Team|
142147| Storm-1044|| Financially motivated| Danabot|
143148| Storm-1084|| Iran| DarkBit|
144- | Storm-1099|| Russia||
145149| Storm-1101|| Group in development| NakedPages|
146150| Storm-1113|| Financially motivated||
147151| Storm-1133|| Palestinian Authority||
@@ -151,17 +155,22 @@ Use the following reference table to understand how our previously publicly disc
151155| Storm-1283|| Group in development||
152156| Storm-1286|| Group in development||
153157| Storm-1295|| Group in development| Greatness|
154- | Storm-1364|| Iran||
155- | Storm-1376|| China, Influence operations||
156158| Storm-1516|| Russia, Influence operations||
157159| Storm-1567|| Financially motivated| Akira|
158160| Storm-1575|| Group in development| Dadsec|
161+ | Storm-1660|| Iran, Influence operations||
159162| Storm-1674|| Financially motivated||
160163| Storm-1679|| Russia, Influence operations||
164+ | Storm-1804|| Iran, Influence operations||
165+ | Storm-1805|| Iran, Influence operations||
161166| Storm-1811|| Financially motivated||
167+ | Storm-1841|| Russia, Influence operations||
162168| Storm-1849|| China| UAT4356|
169+ | Storm-1852|| Group in development||
170+ | Storm-2035|| Iran, Influence operations||
163171| Strawberry Tempest|| Financially motivated| LAPSUS$|
164172| Sunglow Blizzard|| Russia||
173+ | Taizi Flood| Storm-1376| China, Influence operations| Spamouflage, Dragonbridge|
165174| Tomato Tempest| SPURR| Financially motivated| Vatet|
166175| Vanilla Tempest| DEV-0832| Financially motivated||
167176| Velvet Tempest| DEV-0504| Financially motivated||
0 commit comments