By Raphael Satter and AJ Vicens

WASHINGTON, June 2 (Reuters) - Microsoft, CrowdStrike, Palo Alto PANW.O and Alphabet's GOOGL.O Google on Monday said they would create a public glossary of state-sponsored hacking groups and cybercriminals, in a bid to ease confusion over the menagerie of unofficial nicknames for them.

Microsoft MSFT.O and CrowdStrike CRWD.O said they hoped to potentially bring other industry partners and the U.S. government into the effort to identify Who’s Who in the murky world of digital espionage.

“We do believe this will accelerate our collective response and collective defense against these threat actors,” said Vasu Jakkal, corporate vice president, Microsoft Security.

How meaningful the effort ends up being remains to be seen.

Cybersecurity companies have long assigned coded names to hacking groups, as attributing hackers to a country or an organization can be difficult and researchers need a way to describe who they are up against.

Some names are dry and functional, like the “APT1” hacking group exposed by cybersecurity firm Mandiant or the “TA453” group tracked by Proofpoint. Others have more color and mystery, like the “Earth Lamia” group tracked by TrendMicro or the “Equation Group” uncovered by Kaspersky.

Crowdstrike's evocative nicknames - “Cozy Bear” for a set of Russian hackers, or “Kryptonite Panda” for a set of Chinese ones - have tended to be the most popular, and others have also adopted the same kind of offbeat monikers.

In 2016, for example, the company Secureworks - now owned by Sophos - began using the name "Iron Twilight" for the Russian hackers it previously tracked as "TG-4127." Microsoft itself recently revamped its nicknames, moving away from staid, element-themed ones like “Rubidium” to weather-themed ones like “Lemon Sandstorm” or “Sangria Tempest.”

But the explosion of whimsical aliases has already led to overload. When the U.S. government issued a report about hacking attempts against the 2016 election, it sparked confusion by including 48 separate nicknames attributed to a grab bag of Russian hacking groups and malicious programs, including “Sofacy,” “Pawn Storm,” “CHOPSTICK,” “Tsar Team,” and “OnionDuke.”

Michael Sikorski, the chief technology officer for Palo Alto’s threat intelligence unit, said the initiative was a “game-changer.”

“Disparate naming conventions for the same threat actors create confusion at the exact moment defenders need clarity,” he said.

Juan-Andres Guerrero-Saade, a top researcher at the cybersecurity firm SentinelOne, was skeptical of the effort, saying the cold reality of the cybersecurity industry was that companies hoarded information.

Unless that changed, he said, "this is branding-marketing-fairy dust sprinkled on top of business realities."

But CrowdStrike Senior Vice President of counter adversary operations, Adam Meyers, said the move had already delivered a win by helping his analysts connect a group Microsoft called “Salt Typhoon” with one CrowdStrike dubbed “Operator Panda.”

(Reporting by Raphael Satter, editing by Chris Sanders and Deepa Babington)

((raphael.satter@tr.com; +1 202 430 9389;))