
Microsoft and CrowdStrike have announced that they are teaming up to align their individual threat actor taxonomies by publishing a new joint threat actor mapping.
“By mapping where the knowledge of these actors matches, we can connect security professionals with faster insights and provide the ability to make decisions with greater confidence,” said Vasu Jakkal, Corporate Vice President, Microsoft Security.
The initiative is seen as a way to untangle the zoo of nicknames that private cybersecurity vendors assign to hacking groups, which are broadly categorized as nation-state, financially motivated, influence operations, private sector offensive actors, and emerging clusters.

For example, the Russian state-sponsored threat actor tracked by Microsoft as Midnight Blizzard (formerly Nobelium) is also known as APT29, BlueBravo, Cloaked Ursa, Cozy Bear, Iron Hemlock and The Dukes.
Similarly, Forest Blizzard (formerly Strontium) goes by other monikers, including Blue Athena, BlueDelta, Fancy Bear, Fighting Ursa, FROZENLAKE, Iron Twilight, Pawn Storm, Sednit, Sofacy and TA422. In April 2023, Microsoft moved from names inspired by chemical elements to weather-themed threat actor nomenclature.
Coordinating these names across vendors makes it much easier to track overlapping threat activity and avoids unnecessary confusion over threat actor attribution, which can reduce confidence, complicate analysis, and delay responses.
The unified threat mapping system is a two-party initiative, but it is expected that Google and its Mandiant subsidiary, as well as Palo Alto Networks Unit 42, will also contribute to this effort. Other cybersecurity companies may join the initiative in the future. That said, the collaboration is not intended to create a single naming standard.

CrowdStrike said the alliance has already managed to deconflict more than 80 adversaries, adding that the purpose is to better correlate threat actor aliases without sticking to a single naming scheme. The new glossary has been dubbed a “Rosetta Stone.”
“And also, if telemetry complements each other, there is an opportunity to expand attributes to more planes and vectors. There is an opportunity to build a richer and more accurate view of enemy campaigns that benefit the entire community,” says Adam Meyers of CrowdStrike.