The new collaboration aims to unify the attribution of threat actors, leading to greater coordination and faster threat response times.
When you’re a network defender, knowing who you are defending against can be half the battle.
However, there is a vast ecosystem of naming conventions, making threat attribution confusing at best. A single actor may have a different name across multiple vendors, with varying amounts of overlap.
For instance, a single Russia-linked advanced persistent threat actor is known by a raft of names: CozyCar, CozyDuke, Dark Halo, The Dukes, Midnight Blizzard, NOBELIUM, Office Monkeys, StellarParticle, UNC2452, or, more widely, Cozy Bear.
It’s not just confusing; it’s distracting. However, cyber security firm CrowdStrike has joined forces with Microsoft in an attempt to “harmonise” threat actor attribution.
“This is a watershed moment for cyber security. Adversaries hide behind both technology and the confusion created by inconsistent naming. As defenders, it’s our job to stay ahead and to give security teams clarity on who is targeting them and how to respond. This has been CrowdStrike’s mission from day one,” Adam Meyers, head of counter-adversary operations at CrowdStrike, said in a statement.
“CrowdStrike is the leader in adversary intelligence, and Microsoft brings one of the most valuable data sources on adversary behaviour. Together, we’re combining strengths to deliver clarity, speed, and confidence to defenders everywhere.”
The pair worked together to develop a shared mapping system that is capable of linking adversaries across various vendor naming systems without requiring a new naming system.
The two companies have already deconflicted more than 80 threat actors, for example establishing that Microsoft’s Volt Typhoon and CrowdStrike’s Vanguard Panda are the same state-sponsored Chinese actor. CrowdStrike and Microsoft hope other vendors will come on board to establish a shared threat actor mapping resource that can help the entire industry.
“Cyber security is a defining challenge of our time, especially in today’s AI-driven era,” Vasu Jakkal, corporate vice president, Microsoft Security, said.
“Microsoft and CrowdStrike are in ideal positions to help our customers, and the wider defender community, accelerate the benefits of actionable threat intelligence. Security is a team sport, and when defenders can share and react to information faster, it makes a difference in how we protect the world.”
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.