While APT43’s link with the North Korean government was confirmed for the first time in the Mandiant report, the threat actor was already known by threat analysts under other names, such as Thallium, Kimsuky, Velvet Chollima, Black Banshee and STOLEN PENCIL.
This confusion comes down to each cyber threat intelligence (CTI) vendor operating its own attribution process for cyber-attacks – something we recently investigated on Infosecurity Magazine.
The most prominent threat group name is the Advanced Persistent Threat (APT). Commonly used by the whole CTI community, including US non-profit organization MITRE, which provides a standardized framework for tactics, techniques and procedures (TTPs), APT groups refer to clusters of sophisticated threat actors sponsored by, or acting on behalf of a government.
With geopolitical rather than financial motivations, APT groups typically operate cyber espionage campaigns and destructive cyber-attacks.
Once a threat actor has been confirmed to be a coherent group of hackers backed by a nation-state, the threat analysts who lead the cyber attribution allocate it a new APT number – the latest being APT43.
Other ‘sober’ naming conventions exist, consisting of codenames and numbers only. For example, APT-C groups are Chinese cybersecurity vendor 360 Security Technology’s equivalent to APT groups. APT-C numbers are sometimes used by other vendors.
Others, like MITRE’s G[XXX] (e.g. G1002) or SecureWorks’ legacy TG-[XXXX] (e.g. TG-3279), are mere identification numbers and their names do not reveal anything about the threat actor.
“We use a sober, or even dull, naming convention because we don’t want to glamorise those groups,” Collier added.
A Chinese-linked influence actor Microsoft tracks as Storm-1852 successfully pivoted to short-form video content that criticizes the Biden administration and Harris campaign before some of its assets disappeared from social media following reports of its activity. While most Storm-1852 personas masquerade as conservative US voters voting for Trump, a handful of accounts also create anti-Trump content and use political slogans and hashtags associated with American progressive politics.
The scary-cool name is there to help defenders take it seriously. If you give them a stupid name, elected leaders, business executives, and military leaders won’t take them seriously. It also becomes easier to tell them apart, and create identities. Who do they like to attack, how do they operate, what level of threat do they pose, etc. And then of course it sounds more impressive when you defeat them. Batman doesn’t get any respect for beating Condiment Man, but if he takes down Darkseid, people take notice.
I wondered if this might turn out to be somebody reading something into something, but Nope, he said it clear as a bell. You don’t accidentally say that unless you’re thinking it. This is obviously a word this guy uses frequently, and he even seems proud of himself for it.
Several members of the Police Benevolent Association allegedly approached him, one telling him that he had to obey the courtesy-card customs or the union wouldn’t protect him.
Looks like they were correct about that. The police union protects almost anything, except giving those with union ‘courtesy cards’ a traffic ticket apparently. That is just too far.
Possibly a rule 2/6 (opinion) issue. Not sure if you guys care on an article by article basis or just by source. Headline alone is pretty charged language.
news
Oldest
This magazine is from a federated server and may be incomplete. Browse more on the original instance.