Microsoft and CrowdStrike partner to unify threat actor naming
No more confusion around threat actor names
Update, 4th June, 2025: The previously attached image in this article has been removed, as it depicted Microsoft’s threat actor naming schema. The mapping we’ve discussed in this article is available further down in this Microsoft article.
Original story: If you’ve ever tried to track a cyberattack and ended up wondering if “Midnight Blizzard” and “Cozy Bear” were the same group, you’re not the only one. Fortunately, Microsoft and CrowdStrike are stepping in to streamline threat actor naming.
Microsoft & CrowdStrike team up to reduce confusion in threat actor naming
For years, different security firms have given the same hacker groups different labels. It’s confusing, and in high-stress situations, that confusion can slow things down.
Instead of creating a whole new naming standard, the two companies have released a joint chart that maps their existing threat actor names side by side. Think of it as a shared decoder ring—if Microsoft calls someone Midnight Blizzard and CrowdStrike calls them APT29, this chart clears that up in seconds.
Other big names could be joining hands, too
This joint effort is already public, and more could be on the way. Google’s Mandiant and Palo Alto Networks’ Unit 42 are reportedly planning to join, which could expand the reach of this collaboration even further.