Notizie per Categorie
Articoli Recenti
- [Launched] Generally Available: NFS Azure Files volume mount support in Azure Container Apps 4 Giugno 2025
- [Launched] Generally Available: Azure Database for PostgreSQL support for pg_cron extension in PG 17 4 Giugno 2025
- [In preview] Public Preview: Azure Database for MySQL – Flexible Server now supports high availability with dedicated Azure Standard Load Balancer 4 Giugno 2025
- [In preview] Public Preview: High availability with SSD v2 for Azure Database for PostgreSQL flexible server 4 Giugno 2025
- [Launched] Generally Available: Upsert and Script activity in data factory in Microsoft Fabric for Azure Database for PostgreSQL 4 Giugno 2025
- [In preview] Public Preview: In-place major version upgrade to PostgreSQL 17 on Azure Database for PostgreSQL flexible server 4 Giugno 2025
- [Launched] Generally Available: Required role assignment for private endpoint approvals in AzureML workspaces and/or AI Foundry hubs with managed network 3 Giugno 2025
- Dataverse at Build: The Agent Platform Powering the Future of Agentic AI 3 Giugno 2025
- How Microsoft Defender for Endpoint is redefining endpoint security 3 Giugno 2025
- [In preview] Public Preview: Azure Migrate enhances resiliency by supporting ZRS Disks Migration 2 Giugno 2025
Announcing a new strategic collaboration to bring clarity to threat actor naming
In today’s cyberthreat landscape, even seconds of delay can mean the difference between stopping a cyberattack or falling victim to ransomware. One major cause of delayed response is understanding threat actor attribution, which is often slowed by inaccurate or incomplete data as well as inconsistencies in naming across platforms. This, in turn, can reduce confidence, complicate analysis, and delay response. As outlined in the National Institute of Standards and Technology’s (NIST) guidance on threat sharing (SP 800-1501), aligning how we describe and categorize cyberthreats can improve understanding, coordination, and overall security posture.
That’s why we are excited to announce that Microsoft and CrowdStrike are teaming up to create alignment across our individual threat actor taxonomies. By mapping where our knowledge of these actors align, we will provide security professionals with the ability to connect insights faster and make decisions with greater confidence.
Names are how we make sense of the threat landscape and organize insights into known or likely cyberattacker behaviors. At Microsoft, we’ve published our own threat actor naming taxonomy to help researchers and defenders identify, share, and act on our threat intelligence, which is informed by the 84 trillion threat signals that we process daily. But the same actor that Microsoft refers to as Midnight Blizzard might be referred to as Cozy Bear, APT29, or UNC2452 by another vendor. Our mutual customers are always looking for clarity. Aligning the known commonalities among these actor names directly with peers helps to provide greater clarity and gives defenders a clearer path to action.
Introducing a collaborative reference guide to threat actors
Microsoft and CrowdStrike are publishing the first version of our joint threat actor mapping. It includes:
- A list of common actors tracked by Microsoft and CrowdStrike mapped by their respective taxonomies.
- Corresponding aliases from each group’s taxonomy.
This reference guide serves as a starting point, a way to translate across naming systems so defenders can work faster and more efficiently, especially in environments where insights from multiple vendors are in play. This reference guide helps to:
- Improve confidence in threat actor identification.
- Streamline correlation across platforms and reports.
- Accelerate defender action in the face of active cyberthreats.
This effort is not about creating a single naming standard. Rather, it’s meant to help our customers and the broader security community align intelligence more easily, respond faster, and stay ahead of threat actors.
Looking ahead
This initial taxonomy mapping is a collaboration between Microsoft and CrowdStrike. Google/Mandiant and Palo Alto Networks Unit 42 will also be contributing to this effort. We look forward to sharing updates from those collaborations in the near future. Security is a shared responsibility, requiring community-wide efforts to improve defensive measures. We are excited to be teaming up with CrowdStrike and we look forward to others joining us on this journey.
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.
1SP 800-150, Guide to Cyber Threat Information Sharing, NIST Computer Security Research Center. October 2016.
The post Announcing a new strategic collaboration to bring clarity to threat actor naming appeared first on Microsoft Security Blog.
Source: Microsoft Security