
Cybersecurity Companies, Led by Microsoft and CrowdStrike, Join Forces to Establish Classification System for Digital Attackers

A shift in naming convention for threat groups by major intelligence firms aims to bring clarity to years of ambiguity.

Cybersecurity companies Microsoft, CrowdStrike, and others unite in creating a shared classification system for digital menaces


Microsoft and CrowdStrike are leading a cooperative effort to map out the web of hacker groups, with the goal of streamlining threat group taxonomy. According to Adam Meyers, the President of CrowdStrike Services, the two companies have collaborated on more than 80 adversaries so far.

The small, focused group of contributors planned by Microsoft and CrowdStrike will be responsible for defining a process for updating and maintaining attribution mappings. However, the name of this group is not yet disclosed.

Palo Alto Networks and Google's Mandiant unit have agreed to join this collaborative effort, further expanding the scope of the project. Each company will retain its own methods, telemetry, and naming system, and there will be no change in how they name and identify threat actors.

Confusion over threat actor attribution is a major cause of delayed response, according to Vasu Jakkal, Corporate Vice President, Microsoft Cybersecurity Solutions. Every delay in establishing who is behind an attack reduces the chance of thwarting it.

The threat actor matrix, a list of the groups each participating firm tracks alongside the aliases other researchers use for the same group, is a key component of this collaborative effort. For instance, Microsoft tracks the criminal threat group known as Scattered Spider as Octo Tempest, while Palo Alto Networks tracks it as Muddled Libra.
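The practical value of such a matrix is that alerts from different vendors' feeds can be grouped under one actor instead of being treated as three unrelated groups. The following Python example is added here and is not code from the article or from any of the vendors involved: it builds an alias index from a matrix in which the only real row is the Scattered Spider / Octo Tempest / Muddled Libra mapping the article gives (the other row is a constructed placeholder), resolves vendor names to a canonical key, and routes any alias that is not in the matrix to an unresolved list for analyst follow-up rather than dropping it silently.

```python
"""Alias resolution across vendor threat-actor names.

Added example, not part of the article or of any vendor's own matrix.
The only real mapping is the one the article states (Scattered Spider ==
Octo Tempest == Muddled Libra); the other row is a constructed
placeholder so the grouping logic has more than one cluster to handle.
"""
from collections import defaultdict

# Canonical key -> {vendor: alias}. One real row from the article,
# one constructed placeholder row (marked as such).
ALIAS_MATRIX = {
    "scattered-spider": {
        "crowdstrike": "Scattered Spider",
        "microsoft": "Octo Tempest",
        "paloalto": "Muddled Libra",
    },
    # PLACEHOLDER row: constructed names, not real vendor designations.
    "placeholder-group-a": {
        "crowdstrike": "Example Adversary A",
        "microsoft": "Example Group A",
    },
}


def _norm(name):
    """Collapse whitespace and case so feed spelling differences do not matter."""
    return " ".join(name.split()).casefold()


def build_index(matrix):
    """Invert the matrix into (vendor, normalised alias) -> canonical key.

    A collision (one vendor name pointing at two canonical groups) raises,
    because that is exactly the ambiguity a shared matrix exists to remove.
    """
    index = {}
    for canonical, aliases in matrix.items():
        for vendor, alias in aliases.items():
            key = (vendor.casefold(), _norm(alias))
            if key in index and index[key] != canonical:
                raise ValueError(
                    f"{vendor} name {alias!r} maps to both {index[key]} and {canonical}"
                )
            index[key] = canonical
    return index


INDEX = build_index(ALIAS_MATRIX)


def resolve(vendor, name, index=INDEX):
    """Return the canonical key for a vendor's actor name, or None when the
    alias is unknown (a new alias, a typo, or a cluster nobody has mapped)."""
    return index.get((vendor.casefold(), _norm(name)))


def correlate(alerts, index=INDEX):
    """Group vendor alerts by canonical actor.

    Alerts whose alias is not in the matrix are returned separately so an
    analyst can extend the matrix instead of losing the alert in a naming
    blind spot.
    """
    grouped = defaultdict(list)
    unresolved = []
    for alert in alerts:
        canonical = resolve(alert["vendor"], alert["actor"], index)
        if canonical is None:
            unresolved.append(alert)
        else:
            grouped[canonical].append(alert)
    return dict(grouped), unresolved


# Constructed sample alerts, as if pulled from three vendors' feeds.
SAMPLE_ALERTS = [
    {"vendor": "Microsoft", "actor": "Octo Tempest", "id": "constructed-1"},
    {"vendor": "crowdstrike", "actor": "scattered  spider", "id": "constructed-2"},
    {"vendor": "PaloAlto", "actor": "Muddled Libra", "id": "constructed-3"},
    {"vendor": "microsoft", "actor": "Unmapped Example", "id": "constructed-4"},
]

if __name__ == "__main__":
    groups, unknown = correlate(SAMPLE_ALERTS)
    for canonical, items in groups.items():
        print(canonical, [a["id"] for a in items])
    print("unresolved:", [a["id"] for a in unknown])
```

Run as a script, the three constructed alerts that name the same group under three vendor aliases land in one bucket, and the one with an unmapped alias is reported rather than discarded. The collision check in `build_index` is the part worth keeping when loading a real matrix: a vendor name that appears under two canonical keys should fail loudly at load time, not produce a silently wrong correlation later.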

Inaccurate or incomplete data and inconsistencies in naming across platforms can slow down understanding of threat actor attribution. This is a concern that has long been a source of controversy in the cybersecurity space, with differences in how firms track the same groups and the mythologizing of threat actors' capabilities.

Jen Easterly, former director of the Cybersecurity and Infrastructure Security Agency, criticized some naming conventions during a 2024 speech at Black Hat, stating that they make hacker groups seem like they have immortal superpowers.

The evolving role of CISOs involves answering a question corporate stakeholders increasingly ask: are we a target? Answering it requires a better understanding of the overall risk calculus of the organization's technology stack, and consistent naming makes that assessment easier.

Michael Sikorski, CTO and head of threat intelligence at Palo Alto Networks' Unit 42, emphasized that aligning on naming conventions is crucial for defenders trying to act fast. He believes that this alignment will lead to faster attribution, improved cyberattack response, and fewer blind spots.

The goal of this collaborative effort is to create a more unified and consistent approach to threat group taxonomy, which should help in faster and more effective responses to cyber threats. The initial version of the threat actor matrix, released by Microsoft and CrowdStrike, is a significant step towards this goal.
