How Microsoft names threat actors - Unified security operations
By poliveria
Archived: 2026-04-06 00:23:19 UTC
Amethyst Rain Lebanon VolcanicTimber, Volatile Cedar Antique Typhoon China Storm-0558 Aqua Blizzard
Russia ACTINIUM, PRIMITIVE BEAR, Gamaredon, Armageddon, UNC530, shuckworm, SectorC08 Berry
Sandstorm Iran Storm-0852 Blue Tsunami Israel, Private sector offensive actor Brass Typhoon China BARIUM,
WICKED PANDA, APT41 Brocade Typhoon China BORON, GOTHIC PANDA, UPS, APT3, OLDCARP, TG-0110, Red Sylvan, CYBRAN Burgundy Sandstorm Iran REMIX KITTEN, Cadelle, Chafer Cadet Blizzard Russia
DEV-0586, EMBER BEAR Canary Typhoon China CIRCUIT PANDA, APT24, Palmerworm, BlackTech Canvas
Cyclone Vietnam BISMUTH, OCEAN BUFFALO, OceanLotus, APT32 Caramel Tsunami Israel, Private sector
offensive actor DEV-0236 Carmine Tsunami Private sector offensive actor Charcoal Typhoon China
CHROMIUM, AQUATIC PANDA, ControlX, RedHotel, BRONZE UNIVERSITY Checkered Typhoon China
CHLORINE, DEEP PANDA, ATG50, APT19, TG-3551, Red Gargoyle Cinnamon Tempest China, Financially
motivated DEV-0401, HighGround Circle Typhoon China DEV-0322, EMISSARY PANDA, APT6, APT27
Citrine Sleet North Korea Storm-0139, Storm-1222, LABYRINTH CHOLLIMA Clay Typhoon China Storm-2416 Copper Typhoon China Tonto Team, Earth Akhlut, Sharp-R Coral Sleet North Korea Storm-1877 Cotton
Sandstorm Iran NEPTUNIUM, HAYWIRE KITTEN, Vice Leaker CovertNetwork-1658 Covert network ORB07
Crescent Typhoon China CESIUM Crimson Sandstorm Iran CURIUM, IMPERIAL KITTEN, Tortoise Shell,
HOUSEBLEND, TA456 Cuboid Sandstorm Iran DEV-0228, IMPERIAL KITTEN Daffodil Gust United Arab
Emirates Stealth Falcon, Fruity Armor, Project Raven Denim Tsunami Austria, Private sector offensive actor
DEV-0291 Diamond Sleet North Korea ZINC, LABYRINTH CHOLLIMA, Black Artemis, Lazarus Emerald
Sleet North Korea THALLIUM, VELVET CHOLLIMA, RGB-D5, Black Banshee, Kimsuky, Greendinosa Fallow
Squall Singapore PLATINUM, PARASITE, RUBYVINE, GINGERSNAP Flax Typhoon China Storm-0919,
ETHEREAL PANDA Forest Blizzard Russia STRONTIUM, FANCY BEAR, Sednit, ATG2, Sofacy, Blue Athena,
Z-Lom Team, Operation Pawn Storm, Tsar Team, CrisisFour, HELLFIRE, APT28 Ghost Blizzard Russia
BROMINE, BERSERK BEAR, TG-4192, Koala Team, Blue Kraken, Crouching Yeti, Dragonfly Gingham
Typhoon China GADOLINIUM, KRYPTONITE PANDA, TEMP.Periscope, Leviathan, JJDoor, APT40,
Feverdream Granite Typhoon China GALLIUM, PHANTOM PANDA Gray Sandstorm Iran DEV-0343 Hazel
Sandstorm Iran EUROPIUM, HELIX KITTEN, COBALT GYPSY, Crambus, OilRig, APT34 Heart Typhoon
China HELIUM, AURORA PANDA, APT17, Hidden Lynx, ATG3, Red Typhoon, KAOS, TG-8153, SportsFans,
DeputyDog, Tailgater Hexagon Typhoon China HYDROGEN, NUMBERED PANDA, Calc Team, Red Anubis,
APT12, DNS-Calc, HORDE Houndstooth Typhoon China HASSIUM, DRAGNET PANDA, isoon, deepclif Jade
Sleet North Korea Storm-0954, LABYRINTH CHOLLIMA Jasper Sleet North Korea Storm-0287 Lace Tempest
Financially motivated DEV-0950 Lemon Sandstorm Iran RUBIDIUM, PIONEER KITTEN Leopard Typhoon
China LEAD, WICKED PANDA, TG-2633, TG-3279, Mana, KAOS, Red Diablo, Winnti Group Lilac Typhoon
China DEV-0234 Linen Typhoon China IODINE, EMISSARY PANDA, Red Phoenix, Hippo, Lucky Mouse,
BOWSER, APT27, Wekby2, UNC215, TG-3390 Luna Tempest Financially motivated Magenta Dust Türkiye
PROMETHIUM, StrongPity, SmallPity Manatee Tempest Russia DEV-0243, INDRIK SPIDER Mango
https://learn.microsoft.com/en-us/unified-secops-platform/microsoft-threat-actor-naming
Page 1 of 3

Sandstorm Iran MERCURY, STATIC KITTEN, SeedWorm, TEMP.Zagros, MuddyWater Marbled Dust Türkiye
SILICON, COSMIC WOLF, Sea Turtle, UNC1326 Marigold Sandstorm Iran DEV-500, VENGEFUL KITTEN
Midnight Blizzard Russia NOBELIUM, COZY BEAR, UNC2452, APT29 Mint Sandstorm Iran PHOSPHORUS,
CHARMING KITTEN, Parastoo, Newscaster, APT35 Moonstone Sleet North Korea Storm-1789, LABYRINTH
CHOLLIMA Mulberry Typhoon China MANGANESE, KEYHOLE PANDA, Backdoor-DPD, COVENANT,
CYSERVICE, Bottle, Red Horus, Red Naga, Auriga, APT5, ATG48, TG-2754, tabcteng Mustard Tempest
Financially motivated DEV-0206, INDRIK SPIDER Neva Flood Russia, Influence operations Storm-1516,
CopyCop Night Tsunami Israel DEV-0336 Nylon Typhoon China NICKEL, VIXEN PANDA, Playful Dragon,
RedRiver, ke3chang, APT15, Mirage Octo Tempest Financially motivated SCATTERED SPIDER, 0ktapus Oka
Flood Russia, Influence operations Storm-1679 Onyx Sleet North Korea PLUTONIUM, SILENT CHOLLIMA,
StoneFly, Tdrop2 campaign, DarkSeoul, Black Chollima, Andariel, APT45 Opal Sleet North Korea OSMIUM,
VELVET CHOLLIMA, Planedown, Konni, APT43 Patched Lightning Storm-0113 Peach Sandstorm Iran
HOLMIUM, REFINED KITTEN, APT33, Elfin Pearl Sleet North Korea LAWRENCIUM Pepper Typhoon China
LIMINAL PANDA, CL-STA-0969 Periwinkle Tempest Russia DEV-0193, WIZARD SPIDER Phlox Tempest
Israel, Financially motivated DEV-0796 Pink Sandstorm Iran AMERICIUM, SPECTRAL KITTEN, Agrius,
Deadwood, BlackShadow, SharpBoys, FireAnt, Justice Blade Pinstripe Lightning NIOBIUM, RENEGADE
JACKAL, Desert Falcons, Scimitar, Arid Viper Pistachio Tempest Financially motivated DEV-0237 Plaid Rain
Lebanon POLONIUM, INCENDIARY JACKAL Pumpkin Sandstorm Iran DEV-0146 Purple Typhoon China
POTASSIUM, STONE PANDA, GOLEM, Evilgrab, AEON, LIVESAFE, ChChes, APT10, Haymaker,
Webmonder, Foxtrot, Foxmail, MenuPass, Red Apollo Raspberry Typhoon China RADIUM, LOTUS PANDA,
LotusBlossom, APT30 Red Sandstorm Iran Storm-0842, BANISHED KITTEN, Void Manticore Ruby Sleet North
Korea CERIUM, VELVET CHOLLIMA Ruza Flood Russia, Influence operations Salmon Typhoon China
SODIUM, MAVERICK PANDA, APT4 Salt Typhoon China OPERATOR PANDA, GhostEmperor,
FamousSparrow Sangria Tempest Ukraine, Financially motivated ELBRUS, CARBON SPIDER Sapphire Sleet
North Korea COPERNICIUM, UNC1069, STARDUST CHOLLIMA, Alluring Pisces, BlueNoroff,
CageyChameleon, CryptoCore Satin Typhoon China SCANDIUM, DYNAMITE PANDA, COMBINE, TG-0416,
SILVERVIPER, Red Wraith, APT18, Elderwood Group, Wekby Seashell Blizzard Russia IRIDIUM, VOODOO
BEAR, BE2, UAC-0113, Blue Echidna, Sandworm, PHANTOM, BlackEnergy Lite, APT44 Secret Blizzard
Russia KRYPTON, VENOMOUS BEAR, Uroburos, Snake, Blue Python, Turla, WRAITH, ATG26 Sefid Flood
Iran, Influence operations Shadow Typhoon China Storm-0062, DarkShadow, Oro0lxy Silk Typhoon China
HAFNIUM, MURKY PANDA, timmy Smoke Sandstorm Iran IMPERIAL KITTEN, UNC1549 Spandex Tempest
Financially motivated MONTY SPIDER, TA505 Star Blizzard Russia SEABORGIUM, COLDRIVER, Callisto
Group, BlueCharlie, TA446 Storm-0133 Iran HEXANE, Lyceum, Siamesekitten, Spirlin Storm-0156 Pakistan
MYTHIC LEOPARD, SideCopy, APT36, Transparent Tribe Storm-0216 Financially motivated TUNNEL
SPIDER, UNC2198 Storm-0230 Group in development WIZARD SPIDER, Conti Team 1 Storm-0247 China
ToddyCat, Websiic Storm-0249 Group in development Storm-0252 Group in development CHATTY SPIDER
Storm-0288 Group in development FIN8 Storm-0302 Group in development NARWHAL SPIDER, TA544 Storm-0408 Group in development Storm-0485 Group in development Storm-0501 Financially motivated Storm-0538
Group in development SKELETON SPIDER, FIN6 Storm-0539 Financially motivated Storm-0569 Financially
motivated Storm-0593 Russia InvisiMole Storm-0671 Group in development UNC2596, Tropicalscorpius Storm-0940 China Storm-0978 Russia RomCom, Underground Team Storm-1101 Group in development Storm-1113
Financially motivated APOTHECARY SPIDER Storm-1125 Belarus MoustachedBouncer Storm-1152 Financially
https://learn.microsoft.com/en-us/unified-secops-platform/microsoft-threat-actor-naming
Page 2 of 3

motivated Storm-1175 China, Financially motivated Storm-1194 Group in development MONTI Storm-1249
Group in development Storm-1516 Russia, Influence operations Storm-1567 Financially motivated PUNK
SPIDER Storm-1607 Group in development Storm-1674 Financially motivated Storm-1747 Group in
development Storm-1811 Financially motivated CURLY SPIDER Storm-1849 China UAT4356 Storm-1865
Group in development Storm-1982 China SneakyCheff, UNK_SweetSpecter Storm-2035 Iran, Influence
operations Storm-2077 China TAG-100 Storm-2246 Group in development Storm-2372 Group in development
Storm-2460 Group in development Storm-2470 Group in development Storm-2477 Group in development
Lumma Stealer Storm-2603 China Storm-2657 United States, Financially motivated Payroll Pirates Strawberry
Tempest Financially motivated DEV-0537, SLIPPY SPIDER, LAPSUS$ Sunglow Blizzard DEV-0665 Swirl
Typhoon China TELLURIUM, STALKER PANDA, Tick, Bronze Butler, REDBALDKNIGHT Taffeta Typhoon
China TECHNETIUM, TURBINE PANDA, TG-0055, Red Kobold, JerseyMikes, APT26, BEARCLAW Taizi
Flood China, Influence operations Dragonbridge, Spamouflage Tumbleweed Typhoon China THORIUM, Karst
Twill Typhoon China TANTALUM, MUSTANG PANDA, BRONZE PRESIDENT, LuminousMoth Vanilla
Tempest Financially motivated DEV-0832, VICE SPIDER, Vice Society Velvet Tempest Financially motivated
DEV-0504, ALPHA SPIDER Violet Typhoon China ZIRCONIUM, JUDGMENT PANDA, Chameleon, APT31,
WebFans Void Blizzard Russia Laundry Bear Volga Flood Russia, Influence operations Storm-1841, Rybar Volt
Typhoon China VANGUARD PANDA, BRONZE SILHOUETTE Wheat Tempest Financially motivated GOLD,
Gatak Wisteria Tsunami India, Private sector offensive actor DEV-0605, MintedSoil Yulong Flood China,
Influence operations Storm-1852 Zigzag Hail Korea DUBNIUM, SHADOW CRANE, Nemim, TEMPLAR,
TieOnJoe, Fallout Team, Purple Pygmy, Dark Hotel, Egobot, Tapaoux, PALADIN, APT-C-60
Source: https://learn.microsoft.com/en-us/unified-secops-platform/microsoft-threat-actor-naming
https://learn.microsoft.com/en-us/unified-secops-platform/microsoft-threat-actor-naming
Page 3 of 3