Beware of these weather-named threat actors

Know who the biggest online threats are

by Alexandru Poloboc

Alexandru Poloboc

With an overpowering desire to always get to the bottom of things and uncover the truth, Alex spent most of his time working as a news reporter, anchor,… read more

  • The tech giant just renamed the entire threat-actor database.
  • Now, threats are going to be labeled using weather-themed icons.
  • Certain countries have their own unique logos, to be identified faster.


In this ever-changing online world, security is or should be the number one priority for everyone involved. However, that is easier said than done.

Malicious third parties seem to always be one step ahead of everyone, and staying protected means we need to also evolve and progress.

Now, Microsoft Security is making a big change in how it labels threat actors. Today, the tech giant revealed that from now on, these threats will be labeled based on weather terms.

Microsoft renamed threat actors based on wather

Speaking of security, you might want to look up how you can stay safe while online. On that note, we’ve prepared a lot of security-oriented articles to help you out.

If you are still using Windows 10, we’ve tested over 25 antivirus solutions and have compiled a list of the best ones for you.

Circling back, Microsoft said that, with the new taxonomy, it intends to bring better context to customers and security researchers that are already confronted with an overwhelming amount of threat intelligence data.

This initiative will offer a more organized, memorable, and easy way to reference adversary groups so that organizations can better prioritize threats and protect themselves.

Basically, security professionals will instantly have an idea of the type of threat actor they are up against, just by reading the name.

Furthermore, a large number of the new weather terms will identify the threat actors as coming from specific countries.

China Typhoon
Iran Sandstorm
Lebanon Rain
North Korea Sleet
Russia Blizzard
South Korea Hail
Turkey Dust
Vietnam Cyclone

The Redmond company will also break down some more specific threats from certain nation-states with additional sub-categories.

Russia has Blizzard as its main threat name, but it will also get Midnight Blizzard, Forest Blizzard, and Aqua Blizzard for more specific security issues, for example.

Of course, these new innovative weather terms will also extend to describe other threat actor issues, as you are about to see in the table below.

Financially motivated Tempest
Private sector offensive actors Tsunami
Influence operations Flood
Groups in development Storm

And, if a threat comes from an unknown source, or if one cannot be identified immediately, Microsoft will use the term Storm, followed by a four-digit number, as a preliminary label until it can be fully identified.

Microsoft claims that it has also established a new set of icons to go along with these new weather names for threat actors.

Microsoft threat actor names

Each of these icons uniquely represents a family name, and where it makes sense will accompany the threat actor names as a visual aid.
In truth, this new naming approach does not in any way change who the threat actors are that the company is tracking.

If you want to find out more about this new system, head on over to the dedicated Microsoft support page.

Know that all of Microsoft’s product pages that use security threat terminology will be updated with the new terms by September 2023.

We’ll monitor the situation and see what else Microsoft comes up with. Be sure to leave a comment below with your thoughts and opinions on this matter.

More Reading

Post navigation

Leave a Comment

Leave a Reply

Your email address will not be published. Required fields are marked *