{"id":51662,"date":"2023-04-27T19:57:00","date_gmt":"2023-04-27T19:57:00","guid":{"rendered":"https:\/\/www.darkreading.com\/threat-intelligence\/threat-actor-names-proliferate-adding-confusion"},"modified":"2023-04-27T19:57:00","modified_gmt":"2023-04-27T19:57:00","slug":"threat-actor-names-proliferate-adding-confusion","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/threat-actor-names-proliferate-adding-confusion\/","title":{"rendered":"Threat Actor Names Proliferate, Adding Confusion"},"content":{"rendered":"

The cyberattackers conducting espionage operations on behalf of Iran’s Islamic Revolutionary Guard Corps have been known by a variety of names, depending on the threat intelligence group investigating the attacks: Magic Hound, APT35, Charming Kitten, Cobalt Illusion, TA453, and PHOSPHORUS.<\/p>\n

Add one more to the mix: Mint Sandstorm.<\/p>\n

Last week, Microsoft changed its naming convention for threat groups, doing away with all-cap names derived from atomic elements, such as ACTINIUM, and adopting a two-name scheme based on storm terminology, such as Aqua Blizzard \u2014 the Russia-related group formerly known as ACTINIUM. The company adopted the new convention<\/a> to indicate the interest of the sponsor of the attack group \u2014 Blizzard for Russia, Typhoon for China, and Tempest for financially motivated actors, for example \u2014 in much the same way that CrowdStrike and Secureworks create their names for threat groups.<\/p>\n

Such monikers are a way to give clients and customers an easy way to remember the adversaries behind particular threats and attacks, says Sherrod DeGrippo, director of threat intelligence strategy at Microsoft.<\/p>\n

“By giving them something that answers that and sticks in their reference memory, they can jump into deeper analysis and investigation faster,” she says. “We want to effectively protect and inform our customers; this is a step toward evolving that capability and making it more clear for security practitioners and other threat intelligence analysts.”<\/p>\n

Unfortunately, having yet another naming convention also adds to the proliferation of labels for threat groups, a surfeit that \u2014 to some extent \u2014 muddies the already murky waters of threat attribution. There are at least eight names for the Iranian group that Microsoft called PHOSPHORUS, and 15 names for the Russian group known as Cozy Bear<\/a>, including two former Microsoft names \u2014 YTTRIUM and NOBELIUM \u2014 and now its new Microsoft name, Midnight Blizzard<\/a>, according to the ATT&CK database<\/a> maintained by MITRE, a non-profit government research organization.<\/p>\n

A lot of people are confused about what names apply to what groups, says Adam Pennington, ATT&CK lead at MITRE.<\/p>\n

“There are a ton of different names out there, because there are a lot of companies that have gotten into this space … and so each of these organizations is coming up with potentially a little bit different definition of what this group is that they’re seeing. They each have a different intelligence picture.”<\/p>\n

When a Cozy Bear Isn’t<\/h2>\n

In the 1990s and early 2000s, security firms often coined their own names for computer viruses, hoping that their name would stick as a demonstration that they were first to catch a particular threat. Yet others often attached a different name to a particular threat \u2014 thus, Conficker<\/a> also answered to Downup and Kido, while the Blaster worm also went by MSBlast and Lovesan.<\/p>\n

Yet while those names were pseudonyms for the same threats, attribution of threat groups is different, part art and part science, says Microsoft’s DeGrippo.<\/p>\n

“Each vendor uses different data to assign actor attribution, with different levels of confidence,” she says. “Because each vendor approaches this analysis of a threat in a different way, they often don\u2019t agree on attribution or only find partial overlaps, requiring each of them to create their own unique names to describe their unique view.”<\/p>\n

\n\"Table\n<\/picture>
Each company uses a different name, and sometimes more than one, for the same threat group. Data source: MITRE, Microsoft<\/figcaption><\/figure>\n

Take the notorious Cozy Bear, a group of cyber operators acting on behalf of the Foreign Intelligence Service of the Russian Federation (SVR), who have operated since at least 2008. The group is perhaps most famously known for compromising the computers at the Democratic National Convention and as executing the supply chain attack that involved compromising SolarWinds. Cozy Bear is CrowdStrike’s name for the group, but both Mandiant and Microsoft had two names for the group \u2014 UNC2452 and APT29 for Mandiant, and NOBELIUM and YTTRIUM for Microsoft \u2014 highlighting that differences in analysis could lead to different conclusions.<\/p>\n

In addition, with many nation-state actors, there is a lot of cross-pollination between cyber-operations groups, so it’s natural that vendors’ pictures of attackers would diverge, says MITRE’s Pennington.<\/p>\n

“When you get into countries like North Korea and Iran, there’s often quite a bit of disagreement between different companies, where they draw the lines between groups and how many different things they pulled together into a single entity,” he says. “So, there are some solid differences depending on the intelligence that companies have and the parts of the threat group that they are looking at.”<\/p>\n

The Adversary Problem Is a Bit of a Problem<\/h2>\n

Threat intelligence vendors and incident response firms like to say<\/a>, “You don’t have a malware problem, you have an adversary problem.” With the firms tracking hundreds of threat groups, the multitude of names may make it harder for companies to determine who is attacking them.<\/p>\n

Threat intelligence analysts are aware that poor attribution can undermine their efforts, so they take steps to make sure that attribution is correct and that the assignation of an attack to a new group of actors is done with care, CrowdStrike stated in a blog post<\/a> on the topic.<\/p>\n

“Only after a series of rigid analytic steps will an actor be given a name and added to CrowdStrike’s list of named adversaries,” the company stated.<\/p>\n

Looking beyond the names, however, attribution does have significant benefits. Knowing that a group \u2014 whether it’s named APT28, Fancy Bear, or Forest Blizzard \u2014 targets political and governmental institutions can help companies and organizations determine whether they might be targeted. In addition, by noting the range of tactics that a group employs, a company can look for and guard against those efforts<\/a>, once they have identified the group.<\/p>\n

Will vendors ever be able to use the same name for the same threat group? Perhaps not, says Microsoft’s DeGrippo.<\/p>\n

“This is something, honestly, that may never be solved completely,” she says. “The threat landscape moves very quickly, and we need to be able to link attribution to activities rapidly. Depending upon data sharing and consensus across a large industry with many vendors could slow down a security company’s ability to attribute, causing a gap in threat protection.”<\/p>\n

Read More HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Goodbye, PHOSPHORUS! Hello, Mint Sandstorm. Microsoft adopts two-word monikers for threat groups, but do we really need more?Read More HERE<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-51662","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"yoast_head":"\nThreat Actor Names Proliferate, Adding Confusion 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/threat-actor-names-proliferate-adding-confusion\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Threat Actor Names Proliferate, Adding Confusion 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/threat-actor-names-proliferate-adding-confusion\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2023-04-27T19:57:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt8d0b45dc90297164\/64496f6f8f72c043efa6af78\/lemos-table-of-threat-group-names.png?width=690&quality=80&format=webply&disable=upscale\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/threat-actor-names-proliferate-adding-confusion\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/threat-actor-names-proliferate-adding-confusion\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Threat Actor Names Proliferate, Adding Confusion\",\"datePublished\":\"2023-04-27T19:57:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/threat-actor-names-proliferate-adding-confusion\\\/\"},\"wordCount\":1038,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/threat-actor-names-proliferate-adding-confusion\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt8d0b45dc90297164\\\/64496f6f8f72c043efa6af78\\\/lemos-table-of-threat-group-names.png?width=690&quality=80&format=webply&disable=upscale\",\"articleSection\":[\"DarkReading |TI\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/threat-actor-names-proliferate-adding-confusion\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/threat-actor-names-proliferate-adding-confusion\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/threat-actor-names-proliferate-adding-confusion\\\/\",\"name\":\"Threat Actor Names Proliferate, Adding Confusion 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/threat-actor-names-proliferate-adding-confusion\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/threat-actor-names-proliferate-adding-confusion\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt8d0b45dc90297164\\\/64496f6f8f72c043efa6af78\\\/lemos-table-of-threat-group-names.png?width=690&quality=80&format=webply&disable=upscale\",\"datePublished\":\"2023-04-27T19:57:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/threat-actor-names-proliferate-adding-confusion\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/threat-actor-names-proliferate-adding-confusion\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/threat-actor-names-proliferate-adding-confusion\\\/#primaryimage\",\"url\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt8d0b45dc90297164\\\/64496f6f8f72c043efa6af78\\\/lemos-table-of-threat-group-names.png?width=690&quality=80&format=webply&disable=upscale\",\"contentUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt8d0b45dc90297164\\\/64496f6f8f72c043efa6af78\\\/lemos-table-of-threat-group-names.png?width=690&quality=80&format=webply&disable=upscale\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/threat-actor-names-proliferate-adding-confusion\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Threat Actor Names Proliferate, Adding Confusion\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Threat Actor Names Proliferate, Adding Confusion 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/threat-actor-names-proliferate-adding-confusion\/","og_locale":"en_US","og_type":"article","og_title":"Threat Actor Names Proliferate, Adding Confusion 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/threat-actor-names-proliferate-adding-confusion\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2023-04-27T19:57:00+00:00","og_image":[{"url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt8d0b45dc90297164\/64496f6f8f72c043efa6af78\/lemos-table-of-threat-group-names.png?width=690&quality=80&format=webply&disable=upscale","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/threat-actor-names-proliferate-adding-confusion\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/threat-actor-names-proliferate-adding-confusion\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Threat Actor Names Proliferate, Adding Confusion","datePublished":"2023-04-27T19:57:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/threat-actor-names-proliferate-adding-confusion\/"},"wordCount":1038,"commentCount":0,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/threat-actor-names-proliferate-adding-confusion\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt8d0b45dc90297164\/64496f6f8f72c043efa6af78\/lemos-table-of-threat-group-names.png?width=690&quality=80&format=webply&disable=upscale","articleSection":["DarkReading |TI"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.threatshub.org\/blog\/threat-actor-names-proliferate-adding-confusion\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/threat-actor-names-proliferate-adding-confusion\/","url":"https:\/\/www.threatshub.org\/blog\/threat-actor-names-proliferate-adding-confusion\/","name":"Threat Actor Names Proliferate, Adding Confusion 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/threat-actor-names-proliferate-adding-confusion\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/threat-actor-names-proliferate-adding-confusion\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt8d0b45dc90297164\/64496f6f8f72c043efa6af78\/lemos-table-of-threat-group-names.png?width=690&quality=80&format=webply&disable=upscale","datePublished":"2023-04-27T19:57:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/threat-actor-names-proliferate-adding-confusion\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/threat-actor-names-proliferate-adding-confusion\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/threat-actor-names-proliferate-adding-confusion\/#primaryimage","url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt8d0b45dc90297164\/64496f6f8f72c043efa6af78\/lemos-table-of-threat-group-names.png?width=690&quality=80&format=webply&disable=upscale","contentUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt8d0b45dc90297164\/64496f6f8f72c043efa6af78\/lemos-table-of-threat-group-names.png?width=690&quality=80&format=webply&disable=upscale"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/threat-actor-names-proliferate-adding-confusion\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Threat Actor Names Proliferate, Adding Confusion"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/51662","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=51662"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/51662\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=51662"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=51662"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=51662"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}