In a significant move for the cybersecurity sector, Microsoft and CrowdStrike have announced a strategic partnership aimed at aligning their respective threat actor taxonomies. The collaboration strives to publish a shared mapping of threat actors, enabling security professionals to draw insights more effectively and make decisions with enhanced confidence. “By mapping where our knowledge of these actors align, we will provide security professionals with the ability to connect insights faster and make decisions with greater confidence,” stated Vasu Jakkal, corporate vice president at Microsoft Security.
This initiative is seen as critical in untangling the many aliases that private cybersecurity vendors assign to the same hacking groups. Currently, these groups can be categorized broadly as nation-state actors, financially motivated individuals, influence operations, and more. The proliferation of different nicknames for one group complicates the process of tracking its activities effectively.
For example, Microsoft refers to a Russian state-sponsored threat actor as Midnight Blizzard, while others may know it by names such as APT29, Cozy Bear, and The Dukes. CrowdStrike has reported that the alliance has successfully deconflicted more than 80 adversaries, aiming for better correlation of threat actor aliases without adhering to a single naming convention. This joint effort seeks to facilitate a clearer understanding of adversary actions and improve the overall cybersecurity landscape.
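The alias problem described above is, at bottom, an equivalence-class problem: each vendor's name for a group is one label, and a shared mapping is a set of assertions that two labels refer to the same actor. The following is an added example, not code from Microsoft, CrowdStrike or the article, of how a defender could consume such a mapping to correlate reports that arrive under different names. Only the Midnight Blizzard / APT29 / Cozy Bear / The Dukes correspondence comes from the article; the `ExampleGroupA`/`ExampleGroupB` cluster, the `vendor-a` to `vendor-d` sources and the report titles are constructed placeholders for this example.

```python
from collections import defaultdict

# Alias assertions for the resolver. The first three pairs reproduce the correspondence the
# article gives (Microsoft's Midnight Blizzard is also tracked as APT29, Cozy Bear and The Dukes).
# The ExampleGroupA/ExampleGroupB pair is a constructed placeholder cluster, not a real actor.
ALIAS_ASSERTIONS = [
    ("Midnight Blizzard", "APT29"),
    ("APT29", "Cozy Bear"),
    ("Cozy Bear", "The Dukes"),
    ("ExampleGroupA", "ExampleGroupB"),
]


def normalize(name):
    """Fold case and drop spaces/hyphens so 'Cozy Bear', 'COZYBEAR' and 'cozy-bear' collide."""
    return "".join(ch for ch in name.casefold() if ch not in " -_")


class AliasResolver:
    """Union-find over alias assertions: any two aliases joined by a chain of
    assertions end up in the same cluster, however many vendors named the actor."""

    def __init__(self, assertions):
        self._parent = {}    # normalized key -> normalized parent key
        self._display = {}   # normalized key -> first spelling seen
        for a, b in assertions:
            self._union(self._add(a), self._add(b))

    def _add(self, name):
        key = normalize(name)
        self._parent.setdefault(key, key)
        self._display.setdefault(key, name)
        return key

    def _find(self, key):
        root = key
        while self._parent[root] != root:
            root = self._parent[root]
        while self._parent[key] != root:          # path compression
            self._parent[key], key = root, self._parent[key]
        return root

    def _union(self, a, b):
        ra, rb = self._find(a), self._find(b)
        if ra != rb:
            self._parent[rb] = ra

    def same_actor(self, a, b):
        """True when both names are known and resolve to the same cluster."""
        ka, kb = normalize(a), normalize(b)
        return ka in self._parent and kb in self._parent and self._find(ka) == self._find(kb)

    def canonical(self, name):
        """Deterministic cluster label: alphabetically first alias in the cluster.
        Unknown names are returned unchanged so they stay visible in the output."""
        key = normalize(name)
        if key not in self._parent:
            return name
        root = self._find(key)
        return min(self._display[k] for k in list(self._parent) if self._find(k) == root)

    def clusters(self):
        """All clusters as sorted alias lists."""
        groups = defaultdict(list)
        for k in list(self._parent):
            groups[self._find(k)].append(self._display[k])
        return sorted(sorted(g) for g in groups.values())


# Constructed sample reports, each tagged with the actor name its (placeholder) vendor uses.
REPORTS = [
    {"vendor": "vendor-a", "actor": "Midnight Blizzard", "title": "credential phishing wave"},
    {"vendor": "vendor-b", "actor": "cozy bear", "title": "new loader variant"},
    {"vendor": "vendor-c", "actor": "ExampleGroupB", "title": "ransomware affiliate activity"},
    {"vendor": "vendor-d", "actor": "UnmappedGroup", "title": "unattributed scanning"},
]


def correlate(reports, resolver):
    """Group reports by resolved actor so intelligence from different vendors lines up."""
    grouped = defaultdict(list)
    for r in reports:
        grouped[resolver.canonical(r["actor"])].append(r)
    return dict(grouped)


if __name__ == "__main__":
    resolver = AliasResolver(ALIAS_ASSERTIONS)
    for label, items in correlate(REPORTS, resolver).items():
        print(label, "<-", ", ".join(f'{r["vendor"]}:{r["actor"]}' for r in items))
```

The canonical label is chosen alphabetically purely for determinism; it is not a proposal for a single naming standard, which the article says the initiative deliberately avoids. Names absent from the mapping are passed through unchanged rather than silently merged, so an unmapped alias shows up as its own bucket and can be flagged for analyst review instead of being lost.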
While this collaboration currently involves just Microsoft and CrowdStrike, experts suggest that companies like Google and its Mandiant subsidiary, as well as Palo Alto Networks’ Unit 42, are expected to join the initiative soon. The goal is not to create a single naming standard for cyber threat actors, but rather to foster clearer communications within the cybersecurity community. The new glossary has been described by CrowdStrike as a “Rosetta Stone” for understanding adversary campaigns effectively, enhancing the community’s overall threat assessment capabilities. Adam Meyers from CrowdStrike emphasized, “Where telemetry complements one another, there’s an opportunity to extend attribution across more planes and vectors — building a richer, more accurate view of adversary campaigns that benefits the entire community.”