Microsoft and CrowdStrike have announced that they are teaming up to align their individual threat actor taxonomies by publishing a new joint threat actor mapping.
“By mapping where our knowledge of these actors align, we will provide security professionals with the ability to connect insights faster and make decisions with greater confidence,” Vasu Jakkal, corporate vice president at Microsoft Security, said.
The initiative is seen as a way to untangle the menagerie of nicknames that private cybersecurity vendors assign to various hacking groups that are broadly categorized as a nation-state, financially motivated, influence operations, private sector offensive actors, and emerging clusters.
Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).
➤ Get Mullvad VPN with 12% Discount
For example, the Russian state-sponsored threat actor tracked by Microsoft as Midnight Blizzard (formerly Nobelium) is also known as APT29, BlueBravo, Cloaked Ursa, Cozy Bear, Iron Hemlock, and The Dukes.
Likewise, Forest Blizzard (previously Strontium) goes by other monikers such as Blue Athena, BlueDelta, Fancy Bear, Fighting Ursa, FROZENLAKE, Iron Twilight, Pawn Storm, Sednit, Sofacy, and TA422. Microsoft shifted from using chemical elements-inspired names to a weather-themed threat actor nomenclature in April 2023.
In aligning these names across vendors, the idea is to make tracking overlapping threat actor activity a lot easier and avoid unwanted confusion when it comes to threat actor attribution that in turn, can reduce confidence, complicate analysis, and delay response.
While the unified threat mapping system is a two-party effort, Google and its Mandiant subsidiary as well as Palo Alto Networks Unit 42 are also expected to contribute to the effort. Other cybersecurity companies are likely to join the initiative in the future. That said, the collaboration does not aim to create a single naming standard.
CrowdStrike said the alignment has led to successfully deconflicting more than 80 adversaries, adding the alliance aims to better correlate threat actor aliases without sticking to a single naming scheme. It called the new glossary a “Rosetta Stone.”
“In addition, where telemetry complements one another, there’s an opportunity to extend attribution across more planes and vectors — building a richer, more accurate view of adversary campaigns that benefits the entire community,” CrowdStrike’s Adam Meyers said.
Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.
Some parts of this article are sourced from:
thehackernews.com
New Chrome Zero-Day Actively Exploited; Google Issues Emergency Out-of-Band Patch