* Microsoft, CrowdStrike, Palo Alto, Google create glossary for hacker nicknames
* Proliferation of whimsical monikers has sometimes created confusion
* SentinelOne executive skeptical about initiative's effectiveness
By Raphael Satter and AJ Vicens
WASHINGTON, June 2 (Reuters) - Microsoft, CrowdStrike, Palo Alto and Alphabet's Google on Monday said they would create a public glossary of state-sponsored hacking groups and cybercriminals, in a bid to ease confusion over the menagerie of unofficial nicknames for them.
Microsoft and CrowdStrike said they hoped to potentially bring other industry partners and the U.S. government into the effort to identify the who's who of the murky world of digital espionage.
"We do believe this will accelerate our collective response and collective defense against these threat actors," said Vasu Jakkal, corporate vice president, Microsoft Security.
How meaningful the effort ends up being remains to be seen.
Cybersecurity companies have long assigned coded names to hacking groups, as attributing hackers to a country or an organization can be difficult and researchers need a way to describe who they are up against.
Some names are dry and functional, like the "APT1" hacking group exposed by cybersecurity firm Mandiant or the "TA453" group tracked by Proofpoint. Others have more color and mystery, like the "Earth Lamia" group tracked by Trend Micro or the "Equation Group" uncovered by Kaspersky.
CrowdStrike's evocative nicknames - "Cozy Bear" for a set of Russian hackers, or "Kryptonite Panda" for a set of Chinese ones - have tended to be the most popular, and others have also adopted the same kind of offbeat monikers.
In 2016, for example, the company Secureworks - now owned by Sophos - began using the name "Iron Twilight" for the Russian hackers it previously tracked as "TG-4127." Microsoft itself recently revamped its nicknames, moving away from staid, element-themed ones like "Rubidium" to weather-themed ones like "Lemon Sandstorm" or "Sangria Tempest."
But the explosion of whimsical aliases has already led to overload. When the U.S. government issued a report about hacking attempts against the 2016 election, it sparked confusion by including 48 separate nicknames attributed to a grab bag of Russian hacking groups and malicious programs, including "Sofacy," "Pawn Storm," "CHOPSTICK," "Tsar Team," and "OnionDuke."
Michael Sikorski, the chief technology officer for Palo Alto's threat intelligence unit, said the initiative was a "game-changer."

"Disparate naming conventions for the same threat actors create confusion at the exact moment defenders need clarity," he said.
Juan-Andres Guerrero-Saade, a top researcher at the cybersecurity firm SentinelOne, was skeptical of the effort, saying the cold reality of the cybersecurity industry was that companies hoarded information.

Unless that changed, he said, "this is branding-marketing-fairy dust sprinkled on top of business realities."
But CrowdStrike's senior vice president of counter-adversary operations, Adam Meyers, said the move had already delivered a win by helping his analysts connect a group Microsoft called "Salt Typhoon" with one CrowdStrike dubbed "Operator Panda."