Are we making hackers sound too cool? These security experts think so

• Cybersecurity experts recommend we rethink the way we name attackers
• Names like Salt Typhoon and Fuzzy Bear are misleading, they argue
• Microsoft and CrowdStrike have agreed to align their naming conventions

A co-written article from former heads of the UK and USA cybersecurity agencies, Jen Easterly (CISA) and Ciaran Martin (NCSC), has called for the naming conventions of threat actors to be reconsidered, calling the current names ‘misleading’.

“These names aren’t just confusing—they’re misleading. They obscure attribution, mystify the public, and often glamorize dangerous adversaries,” the Just Security article urges.

“That’s why we welcome the news that cybersecurity leaders Microsoft and CrowdStrike are teaming up to better align how they name and categorize cyber threat actors.”