Microsoft and Crowdstrike team up for threat actor naming initiative

Challenges of Inconsistent Cyberattack Naming Conventions

In the realm of cybersecurity, when a cyberattack occurs, companies typically announce it to the public using unique identifiers that reflect their internal naming protocols. This practice, however, can lead to significant discrepancies, as each organization adopts its own criteria for naming threat actors. Consequently, the same cyber adversary may be referred to by various names across different firms, which can impede timely response initiatives.

For instance, a threat actor identified as Midnight Blizzard by Microsoft may simultaneously be known as Cozy Bear, APT29, or UNC2452 by other cybersecurity entities. This lack of uniformity complicates communication and collaboration in mitigating cyber threats.

Collaborative Efforts for Clarity in Threat Naming

To tackle this pressing issue, Microsoft and CrowdStrike have initiated a partnership aimed at standardizing their respective threat actor taxonomies. This collaboration focuses on enhancing the clarity and confidence with which security professionals can react to cyber incidents.

Importantly, the goal of Microsoft and CrowdStrike is not to establish a singular naming system but rather to develop a comprehensive mapping that presents a list of common threat actors identified by both organizations. This map aligns their individual naming systems, providing corresponding aliases from each company’s taxonomy. Security professionals can access the integrated threat actor mapping from Microsoft and CrowdStrike here.

Future Contributions and Community Involvement

While the initial mapping is a combined effort from Microsoft and CrowdStrike, other cybersecurity names like Google/Mandiant and Palo Alto Networks’ Unit 42 are anticipated to contribute to this initiative in the coming period. The involvement of multiple leading firms signifies a collective commitment to enhancing cybersecurity protocols.

Insights from Microsoft Security Leadership

Vasu Jakkal, Corporate Vice President of Microsoft Security, emphasized the importance of this collaboration. He stated:

“We look forward to sharing updates from those collaborations in the near future. Security is a shared responsibility, requiring community-wide efforts to improve defensive measures. We are excited to be teaming up with CrowdStrike and look forward to others joining us on this journey.”

The Road Ahead

As more organizations engage in this initiative, the collective defenses against cyber threats will likely strengthen. This partnership not only fosters greater understanding among cybersecurity professionals but also enhances the efficacy of responses to emerging threats.

Source & Images