Microsoft and CrowdStrike align naming of threat actors

Joint threat actor mapping improves clarity in cyber defence.
Microsoft, CrowdStrike, Collaboration, threat actors

Microsoft and CrowdStrike have announced a joint initiative to align their threat actor taxonomies, aiming to improve clarity and coordination in the fight against cyberattacks.

While the two cybersecurity giants are not creating a unified naming standard, they are publishing a cross-referenced mapping that shows how threat actors tracked by both companies correspond under their respective naming systems.

The inconsistency in threat actor names across the cybersecurity industry has long created confusion, often slowing response times and complicating collaboration between teams.

A single actor might be known as Midnight Blizzard by Microsoft, Cozy Bear by another firm, and APT29 or UNC2452 by others — all referring to the same group. This fragmentation of identifiers has made tracking and defending against threats more difficult.

To address this, Microsoft and CrowdStrike have released a reference document that maps common threat actors across both organisations’ taxonomies and includes aliases from other vendors.

The goal is to provide security teams with a clearer understanding of which groups are being discussed, regardless of the terminology used.

Although the mapping effort currently involves only Microsoft and CrowdStrike, other major players in the cybersecurity industry — including Google’s Mandiant and Palo Alto Networks’ Unit 42 — are expected to contribute to the initiative in the future.

‘Security is a shared responsibility, requiring community-wide efforts to improve defensive measures,’ said Vasu Jakkal, Corporate Vice President of Microsoft Security. ‘We are excited to be teaming up with CrowdStrike and look forward to others joining us on this journey.’

As more companies adopt this collaborative approach, experts believe it will enhance collective defence by making threat intelligence easier to interpret and act upon across the security ecosystem.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!