Microsoft and CrowdStrike Launch Shared Threat Actor Glossary to Cut Attribution Confusion - The Hacker News

Microsoft and CrowdStrike Launch Shared Threat Actor Glossary to Cut Attribution Confusion Ravie LakshmananJun 03, 2025Threat Intelligence / Cyber Threats Microsoft and CrowdStrike have announced that they are teaming up to align their individual threat actor taxonomies by publishing a new joint threat actor mapping. "By mapping where our knowledge of these actors align, we will provide security professionals with the ability to connect insights faster and make decisions with greater confidence," Vasu Jakkal, corporate vice president at Microsoft Security, said. The initiative is seen as a way to untangle the menagerie of nicknames that private cybersecurity vendors assign to various hacking groups that are broadly categorized as a nation-state, financially motivated, influence operations, private sector offensive actors, and emerging clusters. For example, the Russian state-sponsored threat actor tracked by Microsoft as Midnight Blizzard (formerly Nobelium) is also known as APT29, BlueBravo, Cloaked Ursa, Cozy Bear, Iron Hemlock, and The Dukes. Likewise, Forest Blizzard (previously Strontium) goes by other monikers such as Blue Athena, BlueDelta, Fancy Bear, Fighting Ursa, FROZENLAKE, Iron Twilight, Pawn Storm, Sednit, Sofacy, and TA422. Microsoft shifted from using chemical elements-inspired names to a weather-themed threat actor nomenclature in April 2023. In aligning these names across vendors, the idea is to make tracking overlapping threat actor activity a lot easier and avoid unwanted confusion when it comes to threat actor attribution that in turn, can reduce confidence, complicate analysis, and delay response. While the unified threat mapping system is a two-party effort, Google and its Mandiant subsidiary as well as Palo Alto Networks Unit 42 are also expected to contribute to the effort. Other cybersecurity companies are likely to join the initiative in the future. That said, the collaboration does not aim to create a single naming standard. CrowdStrike said the alignment has led to successfully deconflicting more than 80 adversaries, adding the alliance aims to better correlate threat actor aliases without sticking to a single naming scheme. It called the new glossary a "Rosetta Stone." "In addition, where telemetry complements one another, there's an opportunity to extend attribution across more planes and vectors — building a richer, more accurate view of adversary campaigns that benefits the entire community," CrowdStrike's Adam Meyers said. Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post. SHARE     Tweet Share Share SHARE  APT Groups, CrowdStrike, Cyber Defense, Cyber Threat, cybersecurity, DevOps, Malware, Microsoft, Security Operations, Threat Intelligence Trending News Anthropic Finds 22 Firefox Vulnerabilities Using Claude Opus 4.6 AI Model ⚡ Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack and Vibe-Coded Malware Open-Source CyberStrikeAI Deployed in AI-Driven FortiGate Attacks Across 55 Countries 149 Hacktivist DDoS Attacks Hit 110 Organizations in 16 Countries After Middle East Conflict Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1 Starkiller Phishing Suite Uses AitM Reverse Proxy to Bypass Multi-Factor Authentication APT28 Tied to CVE-2026-21513 MSHTML 0-Day Exploited Before Feb 2026 Patch Tuesday ThreatsDay Bulletin: DDR5 Bot Scalping, Samsung TV Tracking, Reddit Privacy Fine and More Microsoft Reveals ClickFix Campaign Using Windows Terminal to Deploy Lumma Stealer New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel Cisco Confirms Active Exploitation of Two Catalyst SD-WAN Manager Vulnerabilities Google Confirms CVE-2026-21385 in Qualcomm Android Component Exploited ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket OpenAI Codex Security Scanned 1.2 Million Commits and Found 10,561 High-Severity Issues Load More ▼ Popular Resources Self-Hosted WAF: Block SQLi, XSS, and Bots Before They Reach Your Apps Identity Controls Checklist: Find Missing Protections in Apps Read CYBER360 2026: From Zero Trust Limits to Data-Centric Security Paths 19,053 Confirmed Breaches in 2025 – Key Trends and Predictions for 2026