Microsoft, CrowdStrike Unite to Map Cyber Threat Actors

Microsoft Corp. and CrowdStrike Holdings Inc. have partnered to streamline threat actor identification, addressing a long-standing issue in cybersecurity intelligence: inconsistent naming of malicious groups across vendors. The initiative, announced Monday, introduces a shared mapping tool that links adversary identifiers without enforcing a universal naming standard.

The collaboration aims to reduce confusion caused by divergent terminologies — such as Microsoft’s “Midnight Blizzard” and CrowdStrike’s “COZY BEAR,” which both refer to the same Russian-linked threat group. This overlap has historically hindered timely threat detection and response.

The companies describe the tool as a “Rosetta Stone” for cyber threat intelligence, enabling cross-vendor translation while preserving independent analytical approaches. Already, more than 80 threat groups have been reconciled, including Microsoft’s “Volt Typhoon” and CrowdStrike’s “VANGUARD PANDA.”

Google’s Mandiant and Palo Alto Networks’ Unit 42 have pledged to join the effort. Microsoft says it now tracks over 1,500 threat actors, underscoring the urgency for faster, coordinated defense.