CrowdStrike and Microsoft collaborate to harmonise cyber threat attribution

Landmark industry collaboration maps threat actor aliases across vendors to accelerate response and strengthen global cyberdefense.

  • Tuesday, 3rd June 2025 Posted 3 weeks ago in by Phil Alsop

CrowdStrike nd Microsoft have announced a collaboration to bring clarity and coordination to how cyber threat actors are identified and tracked across security vendors. By mapping threat actor aliases and aligning adversary attribution across platforms, the collaboration minimises confusion caused by different naming systems and accelerates cyber defenders’ response against today’s and tomorrow’s most sophisticated adversaries.

The cybersecurity industry has developed multiple naming systems for threat actors, each grounded in unique vantage points, intelligence sources and analytic rigor. These taxonomies provide critical adversary context to help organisations understand the threats they face, who is targeting them, and why. But as the adversary landscape grows, so does the complexity of cross-vendor attribution. Through this deeper collaboration, CrowdStrike and Microsoft have developed a shared mapping system – a ‘Rosetta Stone’ for cyber threat intelligence – that links adversary identifiers across vendor ecosystems without mandating a single naming standard.

By reducing ambiguity in how adversaries are labeled, this mapping enables defenders to make faster, more confident decisions, correlate threat intelligence across sources, and better disrupt threat actor activity before it causes harm. By making it easier to connect naming conventions like COZY BEAR and Midnight Blizzard, the mapping supports quicker decision-making and unified threat response across taxonomies.

“This is a watershed moment for cybersecurity. Adversaries hide behind both technology and the confusion created by inconsistent naming. As defenders, it’s our job to stay ahead and to give security teams clarity on who is targeting them and how to respond. This has been CrowdStrike’s mission from day one,” said Adam Meyers, SVP, Counter Adversary Operations, CrowdStrike. “CrowdStrike is the leader in adversary intelligence, and Microsoft brings one of the most valuable data sources on adversary behavior. Together, we’re combining strengths to deliver clarity, speed, and confidence to defenders everywhere.”

The collaboration will start with a shared analyst-led effort to harmonise adversary naming between CrowdStrike and Microsoft’s threat research teams. Through this collaboration, the companies have already deconflicted more than 80 adversaries, including validating threat actors like Microsoft’s Volt Typhoon and CrowdStrike’s VANGUARD PANDA are Chinese state-sponsored threat actors, and that Secret Blizzard and VENOMOUS BEAR refer to the same Russia-nexus adversary. This demonstrates the real-world value of shared attribution. Moving forward, CrowdStrike and Microsoft will continue working together to expand this effort, inviting other partners to contribute to and maintain a shared threat actor mapping resource for the global cybersecurity community.

“Cybersecurity is a defining challenge of our time, especially in today’s AI-driven era,” said Vasu Jakkal, Corporate Vice President, Microsoft Security. “Microsoft and CrowdStrike are in ideal positions to help our customers, and the wider defender community accelerate the benefits of actionable threat intelligence. Security is a team sport and when defenders can share and react to information faster it makes a difference in how we protect the world.”

This collaboration builds on each company’s deep history of threat intelligence leadership and advances a shared mission: delivering better outcomes for defenders by putting customers first and the mission before the market. 

School is back in session

Posted 13 hours ago by Phil Alsop
Schneider Electric launches Chapter 3 of Sustainability School .
Fivetran accelerates global financial services provider’s move to the cloud; transforms reporting and revenue operations.

Freshworks launches Freshservice Journeys

Posted 13 hours ago by Phil Alsop
Freshservice Journeys is a AI-powered capability that simplifies complex workflows spanning HR, IT, facilities, and more, to help organizations...
Proof of concept tests ‘customer-defined routing’ for businesses to choose their own packet network path in near-real time.

HPE and Commvault strengthen strategic partnership

Posted 19 hours ago by Phil Alsop
Commvault Cloud and HPE’s storage and data protection portfolio provide comprehensive enterprise-grade protection against cyber threats and data...

HPE unveils new AI factory solutions built with NVIDIA

Posted 19 hours ago by Phil Alsop
HPE drives AI innovation with modular AI factory solutions powered by NVIDIA Blackwell, fueled by HPE Alletra Storage MP, and optimized to deploy and...

Jitterbit launches new Partner Program

Posted 19 hours ago by Phil Alsop
Global program, new partner training incentivize technology partners to capitalize on soaring AI market, business transformation.

Mitel launches enhanced Global Partner Experience

Posted 20 hours ago by Phil Alsop
New partner program and experience streamlines tools, resources, and incentives by aligning partner success with Mitel’s strategy to lead in hybrid...