Take, as an illustration, the infamous Russian state-sponsored group behind the SolarWinds breach. Microsoft calls it Midnight Blizzard, but security teams might encounter it as Cozy Bear, APT29, NOBELIUM, UNC2452, Dark Halo, or any of more than 10 other names across various security companies.
“Security teams often get multiple alerts about the same group of attackers, but each alert uses a different name. This means they waste time chasing the same issue multiple times,” Singh explained. “Precious time needed to react quickly to an attack is lost while teams are busy correlating threat names.”
Kumar Avijit, vice president at Everest Group, pointed to cases where the confusion has real consequences. “In practice, the coexistence of multiple aliases for the same adversary has hampered security teams’ ability to quickly correlate intelligence feeds, share findings, and prioritize response actions,” Avijit said. “This mismatch can lead to duplicated efforts, delaying incident response, and leave gaps in coverage when defenders assume they’re tracking distinct threats.”
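The correlation problem both experts describe is, at its core, an alias-resolution step that has to run before alerts can be grouped. The following Python is an added illustration, not code from the article or from any vendor: it takes the alias list the article gives for the SolarWinds actor as its only mapping, and the alert records it groups are constructed sample data (the vendor names, hosts and ids are placeholders).

```python
"""Resolve vendor-specific threat-actor names to one canonical name and
group alerts by that name, so one actor shows up as one cluster.

Added illustration, not the article's code. The alias set is the one the
article lists for the SolarWinds actor; the alerts below are constructed.
"""
import re
from collections import defaultdict

# Canonical name -> aliases used by other vendors (the names quoted in the article).
ALIASES = {
    "Midnight Blizzard": ["Cozy Bear", "APT29", "NOBELIUM", "UNC2452", "Dark Halo"],
}


def _norm(name):
    """Case-, whitespace- and punctuation-insensitive lookup key for a name."""
    return re.sub(r"[^a-z0-9]", "", name.lower())


# Reverse index: normalised alias -> canonical name (built once at import).
ALIAS_INDEX = {}
for _canonical, _names in ALIASES.items():
    for _alias in [_canonical, *_names]:
        ALIAS_INDEX[_norm(_alias)] = _canonical


def canonical_actor(name):
    """Map any known vendor name to its canonical name.

    Names that are not in the index are returned unchanged, so an
    unfamiliar actor is never silently merged into a known one.
    """
    return ALIAS_INDEX.get(_norm(name), name)


def correlate_alerts(alerts):
    """Group alert records by canonical actor.

    Returns {canonical_name: [alerts...]} preserving input order inside each
    group, so an analyst sees one cluster per adversary rather than one per
    feed naming scheme.
    """
    grouped = defaultdict(list)
    for alert in alerts:
        grouped[canonical_actor(alert["actor"])].append(alert)
    return dict(grouped)


# Constructed sample alerts: four feeds, four spellings, one actor, plus one
# unrelated placeholder actor to show that unknown names stay separate.
SAMPLE_ALERTS = [
    {"id": 1, "source": "vendor-a", "actor": "Midnight Blizzard", "host": "srv01"},
    {"id": 2, "source": "vendor-b", "actor": "APT29", "host": "srv01"},
    {"id": 3, "source": "vendor-c", "actor": "unc2452", "host": "srv07"},
    {"id": 4, "source": "vendor-d", "actor": "Cozy  Bear", "host": "wks12"},
    {"id": 5, "source": "vendor-a", "actor": "Example Actor", "host": "wks12"},
]

if __name__ == "__main__":
    for actor, items in correlate_alerts(SAMPLE_ALERTS).items():
        print(f"{actor}: alerts {[a['id'] for a in items]} from "
              f"{sorted({a['source'] for a in items})}")
```

In a real pipeline the `ALIASES` table would be maintained from a shared mapping rather than hard-coded, and the unchanged pass-through of unknown names is deliberate: a resolver that guesses would recreate the very duplication it is meant to remove.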