Why APT Group Names Include Animals (Bear, Panda, etc.)

Have you heard names like Fancy Bear, Cozy Bear, and Vixen Panda and wondered why animals are part of some APT (advanced persistent threat) group names?

Photo by mana5280 on Unsplash

Different organizations have different ways of naming APT groups. Some (such as CrowdStrike) use animals that are associated with the nations that the APT groups are associated with. Here are a few:

• Bear: Russia
• Panda: China (CrowdStrike)
• Dragon: China (non-CrowdStrike)
• Kitten: Iran
• Chollima (mythical horse): DPRK (North Korea)
• Spider: ecrime (not region-specific or state-sponsored)
• Jackal: hactivist (not region-specific or state-sponsored)
• Buffalo: Vietnam
• Crane: Republic of Korea
• Leopard: Pakistan
• Tiger: India (CrowdStrike) or China (non-CrowdStrike)
• Lynx: Georgia
• Wolf: Turkey
• Ocelot: Colombia
• Hawk: Syria

Additional Resources

2022 CrowdStrike Global Threat Report | CrowdStrike

What is an Advanced Persistent Threat (APT)? | CrowdStrike

Advanced Persistent Threat (APT) Groups - Cyber Sophia

What is an Advanced Persistent Threat?

What are Advanced Persistent Threats? And How to Defend Against Them

The APT Name Game: How Grim Threat Actors Get Goofy Monikers

Top 25 Threat Actors - 2019 Edition

Kittens, bears or pandas: who's behind the biggest cyberattacks?

MITRE ATT&CK Groups