CrowdStrike and Microsoft collaborate to harmonise cyber threat attribution

Landmark industry collaboration maps threat actor aliases across vendors to accelerate response and strengthen global cyberdefense.

CrowdStrike nd Microsoft have announced a collaboration to bring clarity and coordination to how cyber threat actors are identified and tracked across security vendors. By mapping threat actor aliases and aligning adversary attribution across platforms, the collaboration minimises confusion caused by different naming systems and accelerates cyber defenders’ response against today’s and tomorrow’s most sophisticated adversaries.

The cybersecurity industry has developed multiple naming systems for threat actors, each grounded in unique vantage points, intelligence sources and analytic rigor. These taxonomies provide critical adversary context to help organisations understand the threats they face, who is targeting them, and why. But as the adversary landscape grows, so does the complexity of cross-vendor attribution. Through this deeper collaboration, CrowdStrike and Microsoft have developed a shared mapping system – a ‘Rosetta Stone’ for cyber threat intelligence – that links adversary identifiers across vendor ecosystems without mandating a single naming standard.

By reducing ambiguity in how adversaries are labeled, this mapping enables defenders to make faster, more confident decisions, correlate threat intelligence across sources, and better disrupt threat actor activity before it causes harm. By making it easier to connect naming conventions like COZY BEAR and Midnight Blizzard, the mapping supports quicker decision-making and unified threat response across taxonomies.

“This is a watershed moment for cybersecurity. Adversaries hide behind both technology and the confusion created by inconsistent naming. As defenders, it’s our job to stay ahead and to give security teams clarity on who is targeting them and how to respond. This has been CrowdStrike’s mission from day one,” said Adam Meyers, SVP, Counter Adversary Operations, CrowdStrike. “CrowdStrike is the leader in adversary intelligence, and Microsoft brings one of the most valuable data sources on adversary behavior. Together, we’re combining strengths to deliver clarity, speed, and confidence to defenders everywhere.”

The collaboration will start with a shared analyst-led effort to harmonise adversary naming between CrowdStrike and Microsoft’s threat research teams. Through this collaboration, the companies have already deconflicted more than 80 adversaries, including validating threat actors like Microsoft’s Volt Typhoon and CrowdStrike’s VANGUARD PANDA are Chinese state-sponsored threat actors, and that Secret Blizzard and VENOMOUS BEAR refer to the same Russia-nexus adversary. This demonstrates the real-world value of shared attribution. Moving forward, CrowdStrike and Microsoft will continue working together to expand this effort, inviting other partners to contribute to and maintain a shared threat actor mapping resource for the global cybersecurity community.

“Cybersecurity is a defining challenge of our time, especially in today’s AI-driven era,” said Vasu Jakkal, Corporate Vice President, Microsoft Security. “Microsoft and CrowdStrike are in ideal positions to help our customers, and the wider defender community accelerate the benefits of actionable threat intelligence. Security is a team sport and when defenders can share and react to information faster it makes a difference in how we protect the world.”

This collaboration builds on each company’s deep history of threat intelligence leadership and advances a shared mission: delivering better outcomes for defenders by putting customers first and the mission before the market. 

EclecticIQ collaborates with NATO CCDCOE to unveil the vulnerability of maritime ports to...
HPE introduces a multi-layered approach to cybersecurity, debuting advanced data and network...
VDURA collaborates with New Mexico State University to develop PQC technology, fortifying AI and...
Upwind integrates Nyx to deliver an unparalleled CADR platform, offering real-time threat detection...
Black Duck Software announces enhanced features in its AI-powered application security assistant,...
An examination of the UK cloud market's lack of competition and the need for immediate reform to...
Arctic Wolf boosts its Aurora Platform by integrating with Microsoft, Oracle, OneLogin, and...
Teleport's new Secure MCP provides robust security measures for AI models interacting with company...