CrowdStrike and Microsoft have announced a collaboration to bring clarity and coordination to how cyber threat actors are identified and tracked across security vendors. By mapping threat actor aliases and aligning adversary attribution across platforms, the collaboration minimizes confusion caused by different naming systems and accelerates cyber defenders’ response against the most sophisticated adversaries.
The cybersecurity industry has developed multiple naming systems for threat actors, each grounded in unique vantage points, intelligence sources, and analytic rigour. These taxonomies provide critical adversary context to help organisations understand the threats they face, who is targeting them, and why.
But as the adversary landscape grows, so does the complexity of cross-vendor attribution. Through this deeper collaboration, CrowdStrike and Microsoft have developed a shared mapping system, a Rosetta Stone for cyber threat intelligence, that links adversary identifiers across vendor ecosystems without mandating a single naming standard.
This mapping reduces ambiguity in how adversaries are labelled, enabling defenders to make faster, more confident decisions, correlate threat intelligence across sources, and better disrupt threat actor activity before it causes harm. By making it easier to connect naming conventions like COZY BEAR and Midnight Blizzard, the mapping supports quicker decision-making and unified threat response across taxonomies.
“This is a watershed moment for cybersecurity,” said CrowdStrike Head of Counter Adversary Operations Adam Meyers. “Adversaries hide behind both technology and the confusion created by inconsistent naming. As defenders, it’s our job to stay ahead and to give security teams clarity on who is targeting them and how to respond.”
“This has been CrowdStrike’s mission from day one,” he added. “CrowdStrike is the leader in adversary intelligence, and Microsoft brings one of the most valuable data sources on adversary behaviour. Together, we’re combining strengths to deliver clarity, speed, and confidence to defenders everywhere.”
The collaboration will start with a shared analyst-led effort to harmonise adversary naming between CrowdStrike and Microsoft’s threat research teams. Through this collaboration, the companies have already deconflicted more than 80 adversaries, including validating threat actors like Microsoft’s Volt Typhoon and CrowdStrike’s VANGUARD PANDA are Chinese state-sponsored threat actors, and that Secret Blizzard and VENOMOUS BEAR refer to the same Russia-nexus adversary. This demonstrates the real-world value of shared attribution.
Moving forward, CrowdStrike and Microsoft will continue working together to expand this effort, inviting other partners to contribute to and maintain a shared threat actor mapping resource for the global cybersecurity community.
“Cybersecurity is a defining challenge of our time, especially in today’s AI-driven era,” said Microsoft Security VP Vasu Jakkal. “Microsoft and CrowdStrike are in ideal positions to help our customers and the wider defender community accelerate the benefits of actionable threat intelligence. Security is a team sport, and when defenders can share and react to information faster, it makes a difference in how we protect the world.”
