CrowdStrike and Microsoft have partnered to create a unified system for identifying and tracking cyber threat actors, aiming to simplify how adversaries are named across different vendors and improve global defence coordination.
The two companies are introducing a shared mapping system that links threat actor aliases used by different cybersecurity platforms. This initiative is designed to address a long-standing problem in the industry: the confusion caused by multiple naming conventions for the same cyber adversary.
As cyber threats grow more complex and frequent, security professionals often face delays and miscommunication due to inconsistent naming of threat actors. This can hinder response times and lead to gaps in understanding the full scope of an attack. By harmonising threat attribution, CrowdStrike and Microsoft hope to accelerate detection and improve the accuracy of threat intelligence.
The collaboration brings together two of the biggest players in cybersecurity. CrowdStrike is known for its adversary-focused threat intelligence and cloud-native Falcon platform, while Microsoft has vast telemetry and behavioural data from its global ecosystem of users and services. Together, they bring unmatched visibility into cyber threats worldwide.
The effort begins with CrowdStrike and Microsoft’s threat research teams working together to align their naming systems. Already, they have reconciled over 80 threat actor names. For example, Microsoft’s Volt Typhoon and CrowdStrike’s VANGUARD PANDA have been confirmed to represent the same China-based threat group. Similarly, Secret Blizzard (Microsoft) and VENOMOUS BEAR (CrowdStrike) refer to the same Russian adversary.
The mapping is already in progress, with initial results being shared internally among their analyst teams. Over time, this system will be expanded and made accessible to other security vendors and the broader cybersecurity community.
This shared attribution model works like a ‘Rosetta Stone’ for cyber threat intelligence, allowing security teams to quickly correlate threats across sources without having to decode multiple naming systems. The result is faster, more confident decision-making, better coordination across organisations, and ultimately stronger defence against evolving cyber threats.
This collaboration marks a pivotal step toward industry-wide cooperation in the face of increasingly sophisticated cyber adversaries. By putting clarity and coordination at the centre of threat attribution, CrowdStrike and Microsoft are setting a new standard for how defenders unite in the fight against cybercrime.