How Microsoft names threat actors - Unified security operations

2025-06-03 Microsoft

https://learn.microsoft.com/en-us/unified-secops-platform/microsoft-threat-actor-naming

Microsoft explains a weather-themed threat actor taxonomy that maps nation-state, financially motivated, private sector offensive, influence, and developing clusters into consistent naming families. North Korea-attributed actors are assigned the Sleet family, with publicly disclosed mappings such as Diamond Sleet for Lazarus, Emerald Sleet for Kimsuky, Onyx Sleet for Andariel/APT45, Opal Sleet for APT43, and Moonstone, Jade, Citrine, and Pearl Sleet for other DPRK-linked clusters. The taxonomy also preserves cross-vendor aliases, helping defenders connect Microsoft names to older labels such as ZINC, THALLIUM, PLUTONIUM, LABYRINTH CHOLLIMA, and VELVET CHOLLIMA. For DPRK tracking, the value is operational clarity: reports using Microsoft naming can be correlated with Lazarus, Kimsuky, Andariel, and related North Korean activity without relying on ad hoc alias matching.