How Microsoft names threat actors

2023-04-18 Microsoft

https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide


Microsoft’s threat actor naming reference maps several North Korea-linked groups into its weather-themed taxonomy, including Ruby Sleet, Sapphire Sleet, Pearl Sleet, Opal Sleet, Emerald Sleet, and Diamond Sleet. The table ties Sapphire Sleet to BlueNoroff, Opal Sleet to Konni, Emerald Sleet to Kimsuky, and Diamond Sleet to Lazarus/Labyrinth Chollima, while also listing Storm-0530 as a North Korea-linked group associated with H0lyGh0st. The taxonomy distinguishes actor categories such as nation-state actors, financially motivated actors, private-sector offensive actors, influence operations, and groups in development, with names meant to reflect attribution, motivation, or temporary tracking status. For defenders tracking DPRK activity, the value is the alias mapping: it helps connect Microsoft names to more widely used North Korea actor names during hunting, reporting, and intelligence correlation.
