CrowdStrike and Microsoft announced a joint effort to bring clarity and alignment among security vendors on how to identify and track cyber threat actors. The effort aims to minimize the confusion caused by differing naming schemes by relating threat actor names across platforms and aligning attacker attribution, accelerating cyber defenders’ response to the most sophisticated attacks of today and tomorrow.
The cybersecurity industry has developed a variety of naming schemes to identify threat actors, each based on their own perspective, intelligence sources and analytical rigor. These classification schemes provide important context about attackers to help organizations understand what threats they face and who is launching attacks and why. However, as the attacker landscape expands, threat attribution classification methods have become more varied and complex across vendors. Through this close collaboration, CrowdStrike and Microsoft have developed a common mapping system that can be called a “Rosetta Stone” of cyber threat intelligence, allowing attacker identifiers to be linked across vendor ecosystems without mandating a single naming standard.
Such mapping reduces ambiguity around adversary naming, allowing defenders to make faster decisions with more confidence, correlate threat intelligence across multiple sources, and effectively disrupt threat actors before they cause real damage. Mapping makes it easy to relate different monikers like COZY BEAR and Midnight Blizzard, speeding decision making and unifying threat response across different classification methods.
“We are excited to be working with Defense Department and Defense Policy Providers to bring these threats to our attention,” said Adam Meyers, Head of Counter Adversary Operations.
“This is an inflection moment for cybersecurity. Attackers have used technology to hide their true identities, but inconsistent naming confusion has made it harder to identify them. Defenders need to get ahead of attackers and give security teams a clear understanding of who is behind attacks and how to respond. This has been our mission at CrowdStrike since the beginning. CrowdStrike is the leader in attacker intelligence, and Microsoft provides one of the most valuable sources of data on attacker behavior. By joining together, we can bring these strengths to bring clarity, speed and confidence to defenders everywhere.”
The joint effort will initially be led by analysts from both companies to standardize threat actor naming between CrowdStrike and Microsoft threat research teams. Through this effort, the two companies have already resolved over 80 naming conflicts for threat actors, confirming, for example, that Microsoft’s Volt Typhoon and CrowdStrike’s VANGUARD PANDA are both Chinese state-sponsored threat actors, and that Secret Blizzard and VENOMOUS BEAR refer to the same Russian-origin threat actor. This demonstrates that the shared attribution information is operationally valid. Going forward, CrowdStrike and Microsoft will continue to work together to expand this effort and invite other partners to join in, with the goal of providing and maintaining a common threat actor mapping resource for the global cybersecurity community.
The joint effort builds on each company’s long-standing threat intelligence leadership and is driven by a shared philosophy of putting the customer first and the mission over markets, to deliver better outcomes for defenders.
SOURCE: PRTimes