Microsoft, CrowdStrike, other cyber firms collaborate on threat actor taxonomy

Yahoo, 03-06-2025
This story was originally published on Cybersecurity Dive. To receive daily news and insights, subscribe to our free daily Cybersecurity Dive newsletter.
Microsoft and CrowdStrike will lead a cooperative effort to map out the overlapping web of hacker groups that their researchers have disclosed and named, the companies said on Monday.
Palo Alto Networks and Google and its Mandiant unit have also agreed to join the collaborative effort on streamlining threat group taxonomy.
For years, the companies' different naming conventions for various criminal and state-linked threat groups have created unnecessary confusion and delays in the sharing of threat intelligence.
Microsoft and CrowdStrike released an initial version of their threat actor matrix on Monday, listing the groups they track and each one's corresponding aliases from other researchers.
Vasu Jakkal, corporate vice president of Microsoft Security, said that even delays of a few seconds can make a difference in whether an attack is thwarted or successful.
'One major cause of delayed response is understanding threat actor attribution, which is often slowed by inaccurate or incomplete data as well as inconsistencies in naming across platforms,' Jakkal said in a blog post.
Microsoft and CrowdStrike have collaborated on more than 80 adversaries so far, according to Adam Meyers, senior vice president for counter adversary operations at CrowdStrike.
'Aligning on naming conventions isn't just a nice-to-have but a game-changer for defenders trying to act fast,' Michael Sikorski, CTO and head of threat intelligence at Palo Alto Networks' Unit 42, told Cybersecurity Dive. 'A shared baseline for threat actor names means faster attribution, improved cyberattack response, and fewer blind spots.'
Microsoft, for example, tracks the criminal threat group known widely as Scattered Spider as Octo Tempest, while Palo Alto Networks tracks it as Muddled Libra.
Microsoft and CrowdStrike are also working on a plan to create a small, focused group of contributors who will help define a process of updating and maintaining attribution mappings, Meyers said in a blog post.
Meyers said there will be no change in how the companies name and identify threat actors, as each company will retain its own methods, telemetry and naming system.
Naming conventions in the cybersecurity space have long been a source of controversy, not only because different firms track the same groups slightly differently but also because of how companies sometimes mythologize the capabilities of threat actors.
Jen Easterly, former director of the Cybersecurity and Infrastructure Security Agency, criticized some of the naming conventions during a 2024 speech at Black Hat, saying companies have almost made it seem like hacker groups have immortal superpowers.