Whenever a cyberattack is discovered, companies disclose it to the public and assign it a unique name based on their internal procedures. Unfortunately, this leads to inconsistencies, as each company has its own naming conventions. As a result, the same threat actor behind a cyberattack may end up with multiple names, causing delays and confusion in response efforts.
For example, a threat actor that Microsoft refers to as Midnight Blizzard might be known as Cozy Bear, APT29, or UNC2452 by other security vendors.
To address this issue, Microsoft and CrowdStrike are teaming up. These companies will align their individual threat actor taxonomies to help security professionals respond to cyberattacks with greater clarity and confidence.
It’s important to note that Microsoft and CrowdStrike are not attempting to create a single naming standard. Instead, they are releasing a mapping that lists common threat actors tracked by both companies, matched according to their respective taxonomies. The mapping also includes corresponding aliases from each group’s naming system. You can view the joint threat actor mapping by Microsoft and CrowdStrike here.
Although this threat actor taxonomy mapping is a joint effort between Microsoft and CrowdStrike, Google/Mandiant and Palo Alto Networks' Unit 42 are expected to contribute to this initiative in the future.
Vasu Jakkal, Corporate Vice President of Microsoft Security, wrote the following about this collaboration with CrowdStrike:
"We look forward to sharing updates from those collaborations in the near future. Security is a shared responsibility, requiring community-wide efforts to improve defensive measures. We are excited to be teaming up with CrowdStrike and look forward to others joining us on this journey."
As more organizations join this initiative, the collective defense against cyber threats will undoubtedly be improved.
5 Comments - Add comment