The Wall Street Journal reports today about a massive Chinese cyberattack on US broadband suppliers:
The hacking campaign, called Salt Typhoon...is the latest in a series of incursions that U.S. investigators have linked to China in recent years.
....Last week, U.S. officials said they had disrupted...a China-based hacking group called Flax Typhoon. And in January, federal officials disrupted Volt Typhoon, yet another China-linked campaign that has sought to quietly infiltrate a swath of U.S. critical infrastructure.
OK, I get the "typhoon" part. Destructive storm, Asian origin, etc. But what's with salt, flax, and volt?
they're just easier to remember than something like 'PLA Unit 61398'
https://en.wikipedia.org/wiki/Cyberwarfare_by_China#List_of_APTs
Perhaps it's named for the type of infrastructure?
Yeah, volt was aimed at kill codes in backup generators sold to large and infrastructure clients.
what's flax?
A plant used to make fiber for clothing, and its seeds are used to make linseed oil.
well, yes... but in the context of a cybersecurity threat
My guess is some sort of ag infrastructure?
seems like a good guess
maybe disabling John Deere or industrial processing equipment
I thought that for volt. The other two are a bit more curious. Flax for some sort of ag infrastructure? Salt for salt mines? Those seem like a stretch though.
We never hear what is done in response to things like this, surely there isn't just nothing going on.
Maybe it's a reference to the Chevy Volt. Didn't they just create a rule against Chinese software embedded in cars?
Well, the Volt was only made in the US.
This is a Microsoft thing.
https://learn.microsoft.com/en-us/defender-xdr/microsoft-threat-actor-naming
Each country gets a Weather Event Noun and 'Typhoon' does indeed = China.
Each individual hacking group is given an adjective preceding the Weather Noun, to differentiate different techniques and targets.
In addition to Salt, Flax, and Volt, there are also Violet, Raspberry, Gingham, and Nylon among many others.
I think my favorites are Pumpkin Sandstorm out of Iran, and international organized crime's Spandex Tempest.
Sensuous organized crime?
The naming convention is an infosec-industry thing, not just Microsoft.
CrowdStrike, recently famous for other reasons, has their own listing, and makes action figures. (I'm not kidding.)
https://www.crowdstrike.com/adversaries/
https://www.crowdstrikeswag.com/Shop-All-C99.aspx#Adversary%20Figurines
The key when you're jumping the shark is the shark shouldn't even know it happened.
The "Typhoon" designation is specific to Microsoft, see the above link.
Who put Microsoft in charge?
They put themselves in charge... of categorizing and naming threats to Microsoft Windows.
Larry, Moe, and Curly were taken.
The internet will be our downfall.
So they paralyze the US economy and . . . .what?
As in who do they think is going to buy all that stuff being churned out of Chinese factories?
Viet Nam?
This is why it's daft to think this has a lot of national backing.
That doesn't mean it doesn't, just that personal greed is probably a more likely source.