The SECRET behind the names of HACKERS #shorts
Following cyber news is like witnessing a never-ending hunt: masked hackers, constantly changing tactics, facing analysts and researchers striving to pursue an elusive adversary. To communicate effectively and coordinate defense, a common language had to be invented: giving a name to the invisible enemy.
With the rise of sophisticated attacks carried out by organized groups (the famous APTs, for Advanced Persistent Threats), this necessity has become central. Naming means being able to track, understand, and tell the story of these groups.
It is out of this need for mapping and narrative that researchers have begun to name these cybercriminal groups, capable of infiltrating strategic infrastructures for months, even years. A name for each signature, each modus operandi, each significant campaign.
Behind these names lies the desire to bring order to a chaotic landscape, but also to distinguish targeted attacks from opportunistic waves, and to set in stone operations carried out in the shadows.
Let's start with the exceptions: some groups claim their own identity. This is particularly true for ransomware groups like LockBit or Conti, whose sole motivation is financial gain. They seek to make their name famous in order to instill fear and strengthen their position during negotiations with their victims. Another case is hacktivist groups seeking media notoriety (Anonymous).
But for other structured groups, particularly those linked to state espionage, the situation is different. These collectives, often very discreet, do not identify with the name publicly assigned to them.
The most emblematic term to designate these actors therefore remains Advanced Persistent Threat (APT), used by the entire cyber threat intelligence community, including the MITRE organization, which provides a standardized framework for their tactics and techniques.
When one of these groups is formally identified as a coherent entity operating on behalf of a state, analysts assign it an APT number. This numbering system was initiated in 2013 with the publication by Mandiant of the report on APT1, linked to Unit 61398 of the Chinese army. Mandiant uses the same logic for financially motivated groups, using the FIN prefix.
But subsequently, major cybersecurity companies began to name these groups according to their own methods, sometimes as creative as they are codified.
CrowdStrike, for example, popularized an original nomenclature: associating an animal with an adjective. The animal then indicates the presumed geographic origin of the group (Bear for Russia, Panda for China, Kitten for Iran, etc.), while the adjective allows for differentiation between groups from the same country (Fancy Bear, Cozy Bear, etc.). This playful yet structured approach allows users to identify a group's supposed origin at a glance.
Microsoft follows the same logic; since 2023, its names have been inspired by meteorological phenomena: Blizzard for Russia, Typhoon for China, Sandstorm for Iran, etc.
Since January 2025, Palo Alto Networks, through its Unit 42 team, has been using a naming system based on astronomy. Each name is composed of two elements: the name of a constellation, which indicates the group's category or region of activity, and a word with no particular meaning, used to differentiate several groups within the same category. For example, Virgo refers to a hacktivist group, Taurus to a group affiliated with China, Pisces to North Korea, etc.
Other cybersecurity companies are more cautious and avoid singling out specific countries when naming cybercriminal groups. This is the case at Trend Micro, which uses a prefix only to indicate the group's motivation. Thus, according to their logic, "Earth" refers to groups with geopolitical espionage motives, "Water" to groups with financial motives, and "Void" to groups with uncertain or mixed motives.
Are you confused? That's perfectly normal, and that's the problem.
This creativity has a downside: the lack of standardization. The same group can therefore be referred to by several names depending on the company: CrowdStrike's Fancy Bear becomes Microsoft's Forest Blizzard, while APT41 is known as Wicked Panda or Brass Typhoon.
Sometimes a name is born from a misattribution, such as Winnti, which Kaspersky first assigned to a family of malware before it was taken up to designate the entire group of attackers, even though that group uses several different tools.
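For analysts who have to reconcile reports from several vendors, the conventions and aliases described above can be turned into a small normalizer. The following is an added example, not code from any of the vendors named; it encodes only the markers and aliases listed in this article, and the function names (`decode`, `canonical`, `origin_conflicts`) are hypothetical.

```python
import re

# (vendor, where the marker sits in the two-word name, marker -> meaning), all from the article.
SCHEMES = [
    ("CrowdStrike", "last", {"bear": "Russia", "panda": "China", "kitten": "Iran"}),
    ("Microsoft", "last", {"blizzard": "Russia", "typhoon": "China", "sandstorm": "Iran"}),
    # The article does not say which word is the constellation, so either position matches.
    ("Unit 42", "any", {"virgo": "hacktivist", "taurus": "China", "pisces": "North Korea"}),
    ("Trend Micro", "first", {"earth": "geopolitical espionage", "water": "financial",
                              "void": "uncertain or mixed"}),
]
MANDIANT = {"apt": "state-sponsored", "fin": "financially motivated"}
COUNTRIES = {"Russia", "China", "Iran", "North Korea"}
# Alias sets exactly as the article gives them.
ALIASES = [{"Fancy Bear", "Forest Blizzard"}, {"APT41", "Wicked Panda", "Brass Typhoon"}]


def decode(name):
    """Return (vendor, meaning) encoded in a group name, or None if no scheme applies."""
    m = re.fullmatch(r"(apt|fin)(\d+)", name.strip().lower())
    if m:
        return ("Mandiant", MANDIANT[m.group(1)])
    words = name.lower().split()
    if len(words) != 2:  # every vendor scheme described here uses two-word names
        return None
    for vendor, position, table in SCHEMES:
        candidates = {"first": words[:1], "last": words[1:], "any": words}[position]
        for word in candidates:
            if word in table:
                return (vendor, table[word])
    return None


def canonical(name):
    """Map any known alias to one stable key: the alphabetically first name in its set."""
    for names in ALIASES:
        if name.strip().lower() in {n.lower() for n in names}:
            return min(names)
    return name


def origin_conflicts(alias_sets):
    """List alias sets whose names encode more than one presumed country of origin."""
    conflicts = []
    for names in alias_sets:
        decoded = [decode(n) for n in names]
        origins = {d[1] for d in decoded if d and d[1] in COUNTRIES}
        if len(origins) > 1:
            conflicts.append((sorted(names), sorted(origins)))
    return conflicts
```

Running `origin_conflicts` over a merged alias list flags entries where two vendors' names imply different countries, which usually means either a bad merge or a genuine attribution disagreement worth reviewing.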