RCP Channel BriefingShort Takes from Microsoft’s Channel Community
Blog archive
CrowdStrike Works with Microsoft To Streamline Cybersecurity Response
Microsoft and CrowdStrike, one of its strategic security partners, have launched a joint effort to make it easier to identify cyber threat actors that have different, vendor-specific names.
Announced earlier this week, the partnership aims to address longstanding naming inconsistencies that can hamstring efforts to quash threats. To do this, the companies plan to create a shared mapping system that links various aliases used by different security vendors to identify the same threat groups -- what CrowdStrike called in its press release a "Rosetta Stone" for cyber threat intelligence.
The goal is to eliminate ambiguity by correlating names like, for example, "Midnight Blizzard" and "Cozy Bear," which refer to the same adversary. By standardizing these names, security teams can, in theory, respond to threats faster and with more efficacy.
The collaboration has already reconciled over 80 threat actor aliases, including Microsoft's "Volt Typhoon" with CrowdStrike's "Vanguard Panda," both attributed to Chinese state-sponsored groups. Similarly, "Secret Blizzard" and "Venomous Bear" have been identified as the same Russia-linked entity.
This effort comes amid increasing concerns over the complexity of cyber threats and the need for unified intelligence. Other major cybersecurity firms, such as Palo Alto Networks and Google's Mandiant, are also joining the initiative to further streamline threat group taxonomy, according to Microsoft's own post.
The "RCP Channel Briefing" blog is researched, fact-checked, edited and updated by the editors of RCPmag.com, with writing assistance from AI.
Posted by Redmond Channel Partner magazine staff on June 04, 2025