A hacker, many names: Industry collaboration aims to fix cyber threat label chaos

For example, take the infamous Russian state-sponsored group behind the SolarWinds breach. Microsoft calls it Midnight Blizzard, but security teams may also encounter it as Cozy Bear, APT29, Nobelium, UNC2452, Dark Halo or any other name used by another security company.

“Security teams usually receive several alerts about the same group of attackers, but each one uses a different name. This means they waste time chasing the same problem multiple times,” Singh explained. “The precious time needed to respond quickly to an attack is lost when the team is busy associating threat names.”

Kumar Avijit, vice president of Everest Group, pointed out the real consequences of the chaos. “In fact, multiple aliases of the same opponent coexist, preventing security teams from quickly picking up intelligence, sharing the ability to discover and identify responses,” Avijit said. “This mismatch leads to repeated efforts, delaying the response to events and leaving gaps when defenders think they are tracking obvious threats.”
