Collaboration to Combat Cyber Threats: Microsoft and CrowdStrike Unite
In a notable development in the cybersecurity landscape, Microsoft and CrowdStrike have announced a partnership aimed at streamlining and synchronizing their threat actor taxonomies. This collaboration introduces a new joint threat actor mapping system intended to enhance the way security professionals understand and respond to cyber threats.
Enhancing Insights for Professionals
Vasu Jakkal, the Corporate Vice President at Microsoft Security, emphasized the significance of this initiative. By aligning their knowledge of various threat actors, the partnership aims to empower security professionals to quickly connect insights and make informed decisions with increased confidence. The essence of this effort lies in simplifying the myriad of names and classifications attributed to hacking groups operating in different capacities across the globe.
Unpacking the Complexity of Cyber Threat Naming
Cybersecurity terminology is inconsistent, particularly when it comes to identifying threat actors. These actors are generally grouped into several categories: nation-state actors, financially motivated criminals, those engaged in influence operations, and more. Within each category, different cybersecurity companies assign their own names to the same groups, which can cause confusion around attribution and threat assessment.
For instance, Microsoft has tracked a Russian state-sponsored group known as Midnight Blizzard. This group also goes by several other names, including APT29, Cloaked Ursa, and Cozy Bear, among others. Similarly, the group Forest Blizzard, previously referred to as Strontium, is identified under various monikers like Fancy Bear and Pawn Storm. Notably, Microsoft switched to a weather-themed nomenclature for these actors in April 2023, moving away from a system inspired by chemical elements.
The Goal: Clarity in Threat Tracking
The primary objective of this unified threat mapping effort is to simplify tracking the overlapping activities of different threat actors. Achieving a clearer understanding of these entities is crucial for accurate attribution, as errors can lead to diminished confidence in threat assessments and hinder timely responses to incidents.
While Microsoft and CrowdStrike spearhead this initiative, other industry players, including Google’s Mandiant subsidiary and Palo Alto Networks’ Unit 42, are also expected to contribute. The hope is that additional cybersecurity firms will join this collaborative effort in the near future. The collaboration does not, however, aim to establish a single naming standard for cyber threat actors.
Early Successes and Future Aspirations
CrowdStrike has reported significant progress in this collaborative effort, having successfully clarified the identities of over 80 adversaries. The partnership seeks to correlate the various aliases of threat actors without enforcing a strict naming convention. The partners refer to this new glossary as a "Rosetta Stone," a metaphor underscoring its role in translating between the naming systems used across the industry.
CrowdStrike’s Adam Meyers further elaborated on the benefits of the initiative, noting that where telemetry from both companies aligns, there lies an opportunity for deeper attribution across different planes and vectors. This would enable a more comprehensive understanding of adversary campaigns, ultimately enhancing the security posture of the entire cybersecurity community.
Moving Forward in Cybersecurity
The collaboration between Microsoft and CrowdStrike represents a significant stride toward a more unified approach to identifying and combating cyber threats. By clarifying the landscape of threat actors, this initiative not only promises to reduce confusion but also aims to foster a collaborative atmosphere among different cybersecurity firms. In doing so, it seeks to build a robust framework for understanding and addressing the complexities of modern cyber threats, benefiting the entire professional community.