Microsoft serves the U.S.

There is an article in Microsoft’s documentation called How Microsoft names threat actors by diannegali & Dansimp (Microsoft). That sounds interesting. How does Microsoft determine and label threat actors?

“Microsoft shifted to a new naming taxonomy for threat actors aligned with the theme of weather. We intend to bring better clarity to customers and other security researchers with the nex taxonomy. We offer a more organized, articulate, and easy way to reference threat actors so that organizations can better prioritize and protect themselves and aid security researchers already confronted with an overwhelming amount of threat intelligence data.”

Where Microsoft is utterly unwilling to help you is when a threat actor comes from any country other than official enemies of the U.S., Israel, or NATO. The only threat actors for which they have a taxonomy are:

• China
• Iran
• Lebanon
• North Korea
• Russia
• South Korea
• Turkey
• Vietnam

As Sapir-Worf would say: since we don’t have a word for it, it doesn’t exist. That, or Microsoft just categorizes any threat from the NSA, CIA, or Mossad—just a few examples among myriad others—as being from Russia, North Korea, or Iran anyway. They probably have a special die that they role to pick a scapegoat.

So, yeah, it’s neat to see that otherwise-serious researchers kind of just pretend that two of the biggest hacking nations in the world—U.S.A. and Israel—just don’t exist in that sense. Microsoft is an international company. International customers should be pissed off that they prioritize sucking up to the Empire more than taking their job seriously in the name of customers who aren’t in the U.S.

Even U.S. customers would be interested in knowing when the CIA or NSA is putting trojans on their servers, but they’ll never hear it from Microsoft. I guess U.S. and Israeli trojans are just gentle, digital kisses—homeopathic balms that delicately lift your data from your data stores for your own good. They’re not really threats at all, in that sense, which is why they don’t exist in the threat-actor taxonomy. That’s just logic, baby.