It’s Microsoft’s internal name for an anonymous “advanced persistent threat” they suspect to be a Chinese military hacking group, but aren’t 100 percent sure. It has many other names given by other companies, and it’s been around since at least 2021.
Wikipedia on the naming of Advanced Persistent Threats
Multiple organizations may assign different names to the same actor. As separate researchers could each have their own varying assessments of an APT group, companies such as CrowdStrike, Kaspersky, Mandiant, and Microsoft, among others, have their own internal naming schemes.[88] Names between different organizations may refer to overlapping but ultimately different groups, based on various data gathered.
CrowdStrike assigns animals by nation-state or other category, such as “Kitten” for Iran and “Spider” for groups focused on cybercrime. Other companies have named groups based on this system — Rampant Kitten, for instance, was named by Check Point rather than CrowdStrike.
Dragos bases its names for APT groups on minerals.
Mandiant assigns numbered acronyms in three categories, APT, FIN, and UNC, resulting in APT names like FIN7. Other companies using a similar system include Proofpoint (TA) and IBM (ITG and Hive).
Microsoft used to assign names from the periodic table, often stylized in all-caps (e.g. POTASSIUM); in April 2023, Microsoft changed its naming schema to use weather-based names (e.g. Volt Typhoon).