Latest news with #China-nexus
Techday NZ
02-06-2025
- Techday NZ
CrowdStrike & Microsoft unify naming for cyber threat actors
CrowdStrike and Microsoft have jointly introduced a new initiative aimed at standardising the way cyber threat actors are identified across the cybersecurity sector. The collaboration has resulted in a shared mapping system, aligning threat actor aliases between the two companies and promoting clarity in cyber threat attribution. Both companies state that this initiative is designed to accelerate threat response and reduce confusion caused by the inconsistent nicknames used for hacker groups among different security vendors. The cybersecurity industry has historically relied on disparate naming systems, each informed by distinct intelligence sources and analytical approaches. While these systems provide valuable context on adversaries, they can complicate cross-reference and response due to conflicting terminology. This increased complexity has prompted the need for a unified approach to threat actor attribution. CrowdStrike and Microsoft's joint mapping project serves as a form of 'Rosetta Stone' for cyber threat intelligence, linking adversary identifiers across their respective ecosystems without imposing a single nomenclature. By connecting aliases—such as CrowdStrike's COZY BEAR and Microsoft's Midnight Blizzard, or VANGUARD PANDA and Volt Typhoon—the mapping facilitates quicker and better-coordinated responses to sophisticated adversaries. According to CrowdStrike, the partners have already reconciled over 80 threat group aliases. The alignment expands to groups linked to major nation-state actors. For example, the companies have confirmed that Microsoft's Volt Typhoon and CrowdStrike's VANGUARD PANDA refer to the same China-nexus actor, while Secret Blizzard and VENOMOUS BEAR designate a Russia-linked group. Adam Meyers, Head of Counter Adversary Operations at CrowdStrike, commented on the significance of the collaboration. "This is a watershed moment for cybersecurity. Adversaries hide behind both technology and the confusion created by inconsistent naming. As defenders, it's our job to stay ahead and to give security teams clarity on who is targeting them and how to respond. This has been CrowdStrike's mission from day one," Meyers said. "CrowdStrike is the leader in adversary intelligence, and Microsoft brings one of the most valuable data sources on adversary behavior. Together, we're combining strengths to deliver clarity, speed, and confidence to defenders everywhere." The initial phase of the collaboration involves specialist teams from both companies working together to harmonise adversary naming conventions. The effort has already demonstrated practical value by validating the identities of specific threat actors across the two ecosystems. The companies will seek to expand this initiative, inviting additional contributors to create and maintain a broader threat actor mapping resource accessible to the global cybersecurity community. Vasu Jakkal, Corporate Vice President for Microsoft Security, emphasised the broader implications for the security sector. "Cybersecurity is a defining challenge of our time, especially in today's AI-driven era," Jakkal said. "Microsoft and CrowdStrike are in ideal positions to help our customers, and the wider defender community accelerate the benefits of actionable threat intelligence. Security is a team sport and when defenders can share and react to information faster it makes a difference in how we protect the world." The companies note that their collaboration builds on an established history of threat intelligence activity and contributes towards a shared mission: prioritising customer outcomes and sector-wide defence, rather than market competition. The mapping initiative will continue to develop as more partners join to keep the threat actor taxonomy up to date and useful for the defender community. Follow us on: Share on:
Yahoo
27-02-2025
- Business
- Yahoo
2025 CrowdStrike Global Threat Report: China's Cyber Espionage Surges 150% with Increasingly Aggressive Tactics, Weaponization of AI-powered Deception Rises
The industry's preeminent source on adversary intelligence exposes a 442% increase in vishing as GenAI-driven social engineering attacks increase; DPRK insider threats spike AUSTIN, Texas, February 27, 2025--(BUSINESS WIRE)--CrowdStrike (NASDAQ: CRWD) today released its 2025 Global Threat Report, exposing the growing aggression of China's cyber operations, a surge in GenAI-powered social engineering and nation-state vulnerability research and exploitation, and a sharp increase in malware-free, identity-based attacks. The report reveals that China-nexus adversaries escalated state-sponsored cyber operations by 150%, with targeted attacks in financial services, media, manufacturing and industrial sectors soaring up to 300%. At the same time, adversaries worldwide are weaponizing AI-generated deception, exploiting stolen credentials and increasingly executing cross-domain attacks—exploiting gaps across endpoint, cloud and identity—to bypass security controls and operate undetected in the shadows. The shift to malware-free intrusions that exploit trusted access, combined with record-shattering breakout times, leaves defenders little room for error. To stop modern attacks, security teams need to eliminate visibility gaps, detect adversary movement in real-time and stop attacks before they escalate—because once they're inside, it's already too late. CrowdStrike Global Threat Report Highlights Tracking more than 250 named adversaries and 140 emerging activity clusters, CrowdStrike's latest research reveals: China's Cyber Espionage Grows More Aggressive: CrowdStrike identified seven new China-nexus adversaries in 2024, fueling a 150% surge in espionage attacks, with critical industries seeing up to a 300% spike in targeted attacks. GenAI Supercharges Social Engineering: AI-driven phishing and impersonation tactics fueled a 442% increase in voice phishing (vishing) between H1 and H2 2024. Sophisticated eCrime groups like CURLY SPIDER, CHATTY SPIDER and PLUMP SPIDER leveraged social engineering to steal credentials, establish remote sessions and evade detection. Iran Utilizes GenAI for Vulnerability Research and Exploitation: In 2024, Iran-nexus actors increasingly explored GenAI for vulnerability research, exploit development and patching domestic networks, aligning with government-led AI initiatives. From Breaking In to Logging In – Surge in Malware-Free Attacks: 79% of attacks to gain initial access are now malware-free while access broker advertisements surged 50% YoY. Adversaries exploited compromised credentials to infiltrate systems as legitimate users, moving laterally undetected with hands-on keyboard activities. Insider Threats Continue to Rise: DPRK-nexus adversary FAMOUS CHOLLIMA was behind 304 incidents uncovered in 2024. 40% involved insider threat operations, with adversaries operating under the guise of legitimate employment to gain system access and carry out malicious activity. Breakout Time Hits Record Speed: The average eCrime breakout time dropped to 48 minutes, with the fastest recorded at 51 seconds—leaving defenders little time to react. Cloud Environments Under Siege: New and unattributed cloud intrusions increased by 26% YoY. Valid account abuse is the primary initial access tactic, accounting for 35% of cloud incidents in H1 2024. Unpatched Vulnerabilities Remain a Key Target: 52% of vulnerabilities observed were related to initial access, reinforcing the critical need to secure entry points before adversaries establish persistence. "China's increasingly aggressive cyber espionage, combined with the rapid weaponization of AI-powered deception, is forcing organizations to rethink their approach to security," said Adam Meyers, head of counter adversary operations at CrowdStrike. "Adversaries exploit identity gaps, leverage social engineering and move across domains undetected—rendering legacy defenses ineffective. Stopping breaches requires a unified platform powered by real-time intelligence and threat hunting, correlating identity, cloud and endpoint activity to eliminate the blind spots where adversaries hide." CrowdStrike pioneered adversary-driven cybersecurity through the CrowdStrike Falcon® cybersecurity platform, which delivers AI-powered protection, real-time threat intelligence and expert threat hunting to secure identity, cloud and endpoint as the gold standard in cybersecurity. Leveraging innovative behavioral AI and machine learning trained on industry-leading threat intelligence and trillions of security events, CrowdStrike delivers real-time protection against advanced threats, providing comprehensive visibility and protection across the entire attack lifecycle. Additional Resources: Download the 2025 CrowdStrike Global Threat Report. Visit CrowdStrike's Adversary Universe for the internet's definitive source on adversaries. Listen to the Adversary Universe podcast to glean insights into threat actors and recommendations to amplify security practices. About CrowdStrike CrowdStrike (NASDAQ: CRWD), a global cybersecurity leader, has redefined modern security with the world's most advanced cloud-native platform for protecting critical areas of enterprise risk – endpoints and cloud workloads, identity and data. Powered by the CrowdStrike Security Cloud and world-class AI, the CrowdStrike Falcon® platform leverages real-time indicators of attack, threat intelligence, evolving adversary tradecraft and enriched telemetry from across the enterprise to deliver hyper-accurate detections, automated protection and remediation, elite threat hunting and prioritized observability of vulnerabilities. Purpose-built in the cloud with a single lightweight-agent architecture, the Falcon platform delivers rapid and scalable deployment, superior protection and performance, reduced complexity and immediate time-to-value. CrowdStrike: We stop breaches. Learn more: Follow us: Blog | Twitter | LinkedIn | Facebook | Instagram Start a free trial today: © 2025 CrowdStrike, Inc. All rights reserved. CrowdStrike and CrowdStrike Falcon are marks owned by CrowdStrike, Inc. and are registered in the United States and other countries. CrowdStrike owns other trademarks and service marks and may use the brands of third parties to identify their products and services. View source version on Contacts Jake SchusterCrowdStrike Corporate Communicationspress@
