Microsoft and CrowdStrike announced today that they’ve partnered to connect the aliases used for specific threat groups without actually using a single naming standard.
As the two companies explained on Monday, this will be done by mapping (or linking) the different names their security analysts use for each group they track.
Microsoft has updated its threat actor reference guide with a list of common hacking groups tracked by CrowdStrike and Redmond, all mapped using each company’s naming systems.
“This reference guide serves as a starting point, a way to translate across naming systems so defenders can work faster and more efficiently, especially in environments where insights from multiple vendors are in play,” said Vasu Jakkal, Corporate Vice President for Microsoft Security.
“This effort is not about creating a single naming standard. Rather, it’s meant to help our customers and the broader security community align intelligence more easily, respond faster, and stay ahead of threat actors.”
This naming taxonomy mapping effort is the initial step towards making tracking overlapping threat actor activity easier and avoiding unnecessary confusion and complexity.
As Microsoft also revealed today, Google/Mandiant and Palo Alto Networks’ Unit 42 will also be contributing their own information to make attribution faster and clearer, with other cybersecurity companies likely to join this initiative in the future.
After more security firms join this alliance and start sharing their telemetry data, this initiative will bring clarity and make it simpler for network defenders to translate naming systems and build a far more accurate view of malicious campaigns.
“CrowdStrike and Microsoft are proud to take the first step, but we know this must be a community-led initiative to succeed,” added Adam Meyers, Senior Vice President for Intelligence at CrowdStrike.
“Together, the companies have already deconflicted more than 80 threat actors through direct, analyst-led collaboration. These represent some of the most active and sophisticated adversaries in the world.
Manual patching is outdated. It’s slow, error-prone, and tough to scale.
Join Kandji + Tines on June 4 to see why old methods fall short. See real-world examples of how modern teams use automation to patch faster, cut risk, stay compliant, and skip the complex scripts.
