The goal? To simplify and standardize the many different nicknames used for the same hacking groups, which often leave both experts and the public puzzled.
“We believe this will speed up our joint response and strengthen our defense against these threat actors,” said Vasu Jakkal, Microsoft’s Vice President for Security.
Why This Matters
Cybersecurity companies have long used code names to track hacking groups. Some names are straightforward, like “APT1” or “TA453.” Others are more creative, such as “Cozy Bear” (a Russian group) or “Kryptonite Panda” (a Chinese group), names often used by CrowdStrike. Microsoft recently switched from naming groups after chemical elements (like “Rubidium”) to weather-themed names, such as “Lemon Sandstorm” and “Sangria Tempest.”
This mix of naming styles has caused confusion. For example, a U.S. government report on Russian hacking during the 2016 election listed 48 different names for similar groups, including “Sofacy,” “Pawn Storm,” and “OnionDuke.”
Michael Sikorski, Chief Technology Officer at Palo Alto’s threat intelligence unit, said the new glossary could be a “game-changer” because defenders need clear information during a cyberattack, not a mess of different names.
Not Everyone Is Convinced
Still, not everyone is sold on the idea. Juan-Andres Guerrero-Saade, a top cybersecurity researcher at SentinelOne, warned that unless companies start openly sharing information, the project could end up as little more than a marketing stunt.
Despite that, some early success has already been reported. CrowdStrike said the glossary helped them realize that Microsoft’s “Salt Typhoon” was the same group they were calling “Operator Panda.”
The tech giants hope to bring more partners and possibly the U.S. government into the initiative as they work to make the shadowy world of digital threats a little clearer for everyone.