Update, 4th June, 2025: The previously attached image in this article has been removed, as it depicted Microsoft’s threat actor naming schema. The mapping we’ve discussed in this article is available further down in this Microsoft article.
Original story: If you’ve ever tried to track a cyberattack and ended up wondering if “Midnight Blizzard” and “Cozy Bear” were the same group, you’re not the only one. Fortunately, Microsoft and CrowdStrike are stepping in to streamline threat actor naming.
Microsoft & CrowdStrike team up to reduce confusion in threat actor naming
Until now, different security companies have been naming the same hacker groups with different labels for years. It’s confusing, and in high-stress situations, that confusion can slow things down.
Instead of creating a whole new naming standard, the two companies have released a joint chart that maps their existing threat actor names side by side. Think of it as a shared decoder ring—if Microsoft calls someone Midnight Blizzard and CrowdStrike calls them APT29, this chart clears that up in seconds.
Other big names could be joining hands, too
This joint effort is already public, and more could be on the way. Google’s Mandiant and Palo Alto Networks’ Unit 42 are reportedly planning to join, which could expand the reach of this collaboration even further.