Announcing a new strategic collaboration to bring clarity to threat actor naming - Microsoft
In today’s cyberthreat landscape, even seconds of delay can mean the difference between stopping a cyberattack and falling victim to ransomware. One major cause of delayed response is understanding threat actor attribution, which is often slowed by inaccurate or incomplete data as well as inconsistencies in naming across platforms. This, in turn, can reduce confidence, complicate analysis, and delay response. As outlined in the National Institute of Standards and Technology’s (NIST) guidance on threat sharing (SP 800-150)[1], aligning how we describe and categorize cyberthreats can improve understanding, coordination, and overall security posture.
That’s why we are excited to announce that Microsoft and CrowdStrike are teaming up to create alignment across our individual threat actor taxonomies. By mapping where our knowledge of these actors aligns, we will provide security professionals with the ability to connect insights faster and make decisions with greater confidence.
Read about Microsoft and CrowdStrike’s joint threat actor taxonomy
Names are how we make sense of the threat landscape and organize insights into known or likely cyberattacker behaviors. At Microsoft, we’ve published our own threat actor naming taxonomy to help researchers and defenders identify, share, and act on our threat intelligence, which is informed by the 84 trillion threat signals that we process daily. But the same actor that Microsoft refers to as Midnight Blizzard might be referred to as Cozy Bear, APT29, or UNC2452 by another vendor. Our mutual customers are always looking for clarity. Aligning the known commonalities among these actor names directly with peers helps to provide greater clarity and gives defenders a clearer path to action.
Introducing a collaborative reference guide to threat actors
Microsoft and CrowdStrike are publishing the first version of our joint threat actor mapping. It includes:
A list of common actors tracked by Microsoft and CrowdStrike mapped by their respective taxonomies.
Corresponding aliases from each group’s taxonomy.
This reference guide serves as a starting point, a way to translate across naming systems so defenders can work faster and more efficiently, especially in environments where insights from multiple vendors are in play. This reference guide helps to:
Improve confidence in threat actor identification.
Streamline correlation across platforms and reports.
Accelerate defender action in the face of active cyberthreats.
This effort is not about creating a single naming standard. Rather, it’s meant to help our customers and the broader security community align intelligence more easily, respond faster, and stay ahead of threat actors.
Looking ahead
This initial taxonomy mapping is a collaboration between Microsoft and CrowdStrike. Google/Mandiant and Palo Alto Networks Unit 42 will also be contributing to this effort. We look forward to sharing updates from those collaborations in the near future. Security is a shared responsibility, requiring community-wide efforts to improve defensive measures. We are excited to be teaming up with CrowdStrike and we look forward to others joining us on this journey.
Read the taxonomy mapping from Microsoft and CrowdStrike
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.
[1] SP 800-150, Guide to Cyber Threat Information Sharing, NIST Computer Security Research Center. October 2016.
Vasu Jakkal
Corporate Vice President, Microsoft Security
Vasu Jakkal is a passionate champion of building a better, safer, and more resilient world for all. She brings over 20 years of technology industry experience to Microsoft, where she is responsible for Microsoft’s Security business which includes Security, Compliance, Identity, Management, and Privacy, including crafting the strategy, partnering to shape product roadmaps, and defining the go-to-market motions that help customers simplify and fortify their security posture. Jakkal is a dedicated advocate for diversity and for expanding the opportunities for women in all fields of technology.