Microsoft and CrowdStrike Collaborate to Enhance Threat Actor Mapping

This initiative marks a significant step toward unified cyber threat intelligence. Traditionally, vendors label the same threat actors with different names—Microsoft’s “Midnight Blizzard” is known elsewhere as “Cozy Bear,” “APT29,” or “UNC2452.” Such fragmentation delays response times and complicates decision-making for security teams.

To solve this, the two companies developed a shared reference framework—described as a “Rosetta Stone” for cyber threats. Instead of enforcing a single naming system, this framework maps and aligns names across different security ecosystems, preserving each firm’s unique analysis while streamlining identification.

“Adversaries exploit both technology and the confusion caused by naming inconsistencies,” said Adam Meyers, Head of Counter Adversary Operations at CrowdStrike. “This effort ensures defenders know exactly who they’re dealing with.”

Microsoft’s Vasu Jakkal, Corporate Vice President of Security, emphasized the urgency: “In today’s fast-moving threat landscape, even seconds matter. We must rethink how we share and respond to cyber risks.”

So far, analysts from both companies have aligned over 80 threat actors. This includes confirming that Microsoft’s “Volt Typhoon” and CrowdStrike’s “VANGUARD PANDA” represent the same China-backed group, while “Secret Blizzard” and “VENOMOUS BEAR” refer to the same Russia-linked actor.

The mapping spans five core categories of threat actors: nation-state groups, financially motivated hackers, private sector offensive firms, influence operations, and emerging entities.

Importantly, the initiative is expanding. Google’s Mandiant and Palo Alto Networks’ Unit 42 have already joined the effort, with more cybersecurity players expected to contribute.

“This is about empowering defenders through faster, clearer intelligence,” said Jakkal. “Security isn’t a solo mission—it’s a team sport.”

With Microsoft now tracking over 1,500 threat actors—up from 300 last year—the need for shared intelligence is more urgent than ever. This collaboration lays the foundation for a more coordinated global defense against cyber threats.

Stay ahead of emerging cybersecurity threats. For the latest insights and updates on cloud security, follow SOC News.

News Source: CybersecurityNews.com