Cyberveille, curated by Decio
27 results tagged crowdstrike
Announcing a new strategic collaboration to bring clarity to threat actor naming | Microsoft Security Blog https://www.microsoft.com/en-us/security/blog/2025/06/02/announcing-a-new-strategic-collaboration-to-bring-clarity-to-threat-actor-naming/
03/06/2025 13:35:54

Microsoft and CrowdStrike are teaming up to create alignment across our individual threat actor taxonomies to help security professionals connect insights faster.
In today’s cyberthreat landscape, even seconds of delay can mean the difference between stopping a cyberattack or falling victim to ransomware. One major cause of delayed response is understanding threat actor attribution, which is often slowed by inaccurate or incomplete data as well as inconsistencies in naming across platforms. This, in turn, can reduce confidence, complicate analysis, and delay response. As outlined in the National Institute of Standards and Technology’s (NIST) guidance on threat sharing (SP 800-150), aligning how we describe and categorize cyberthreats can improve understanding, coordination, and overall security posture.

That’s why we are excited to announce that Microsoft and CrowdStrike are teaming up to create alignment across our individual threat actor taxonomies. By mapping where our knowledge of these actors aligns, we will provide security professionals with the ability to connect insights faster and make decisions with greater confidence.

Read about Microsoft and CrowdStrike’s joint threat actor taxonomy
Names are how we make sense of the threat landscape and organize insights into known or likely cyberattacker behaviors. At Microsoft, we’ve published our own threat actor naming taxonomy to help researchers and defenders identify, share, and act on our threat intelligence, which is informed by the 84 trillion threat signals that we process daily. But the same actor that Microsoft refers to as Midnight Blizzard might be referred to as Cozy Bear, APT29, or UNC2452 by another vendor. Our mutual customers are always looking for clarity. Aligning the known commonalities among these actor names directly with peers helps to provide greater clarity and gives defenders a clearer path to action.

Introducing a collaborative reference guide to threat actors
Microsoft and CrowdStrike are publishing the first version of our joint threat actor mapping. It includes:

  • A list of common actors tracked by Microsoft and CrowdStrike mapped by their respective taxonomies.
  • Corresponding aliases from each group’s taxonomy.

This reference guide serves as a starting point, a way to translate across naming systems so defenders can work faster and more efficiently, especially in environments where insights from multiple vendors are in play. This reference guide helps to:

  • Improve confidence in threat actor identification.
  • Streamline correlation across platforms and reports.
  • Accelerate defender action in the face of active cyberthreats.

This effort is not about creating a single naming standard. Rather, it’s meant to help our customers and the broader security community align intelligence more easily, respond faster, and stay ahead of threat actors.

microsoft EN 2025 collaboration CrowdStrike attribution taxonomies
Recruitment Phishing Scam Imitates Hiring Process https://www.crowdstrike.com/en-us/blog/recruitment-phishing-scam-imitates-crowdstrike-hiring-process/
12/01/2025 21:00:16

A phishing campaign is using CrowdStrike recruitment branding to deliver malware disguised as a fake application. Learn more.

crowdstrike EN 2024 Phishing Scam fake Hiring Process
CrowdStrike Overhauls Testing and Rollout Procedures to Avoid System Crashes https://www.securityweek.com/crowdstrike-overhauls-testing-and-rollout-procedures-to-avoid-bsod-crashes/?is=09685296f9ea1fb2ee0963f2febaeb3a55d8fb1eddbb11ed4bd2da49d711f2c7
28/09/2024 10:10:30

CrowdStrike says it has revamped several testing, validation, and update rollout processes to prevent a repeat of the embarrassing July outage that caused widespread disruption on Windows systems around the world.

securityweek EN 2024 CrowdStrike revamped testing incident validation System Crashes
Microsoft working on OS update to prevent another IT outage https://www.theregister.com/2024/09/13/microsoft_is_updating_windows_to/
16/09/2024 16:02:05

Existing low-level access for security solutions will undergo a rework

theregister EN 2024 crowdstrike cyberincident microsoft Kernel EDR update
CrowdStrike Exec Shows Up to Accept 'Most Epic Fail' Award in Person https://uk.pcmag.com/security/153845/crowdstrike-exec-shows-up-to-accept-most-epic-fail-award-in-person
13/08/2024 08:12:53

CrowdStrike President Michael Sentonas appears at DEF CON's annual Pwnie Awards to accept the 'award' because 'we got this horribly wrong [and] it's super important to own it.'

pcmag crowdstrike EN 2024 defcon2024 CrowdStrike PwnieAwards
CrowdStrike says it isn't to blame for Delta's flight cancellations after July outage https://www.cnbc.com/2024/08/05/crowdstrike-says-it-isnt-to-blame-for-deltas-flight-cancellations-after-outage.html?ref=news.risky.biz
07/08/2024 10:16:57

Delta CEO Ed Bastian said the company plans to seek compensation from Microsoft and CrowdStrike.

cnbc EN 2024 Transportation Business Air Lawsuits Technology Corp defense Life Aerospace Holdings Airlines Microsoft Breaking industry Delta CrowdStrike outage
CrowdStrike is sued by shareholders over huge software outage https://www.reuters.com/legal/crowdstrike-is-sued-by-shareholders-over-huge-software-outage-2024-07-31/?user_email=9e19aa6ed986d20195d4113ba5a6a3e709c18e0549688aa9b20d5f2e8d0dec05&lctg=6596a37f125992f7eb0b5ac9
01/08/2024 22:28:56

CrowdStrike (CRWD.O) has been sued by shareholders who said the cybersecurity company defrauded them by concealing how its inadequate software testing could cause the July 19 global outage that crashed more than 8 million computers.
In a proposed class action filed on Tuesday night in the Austin, Texas federal court, shareholders said they learned that CrowdStrike's assurances about its technology were materially false and misleading when a flawed software update disrupted airlines, banks, hospitals and emergency lines around the world.

reuters EN 2024 CrowdStrike outage shareholders sued
CrowdStrike's Impact on Aviation https://heavymeta.org/2024/07/28/crowdstrikes-impact-on-aviation.html
29/07/2024 22:21:14

Just after midnight Eastern Time on July 19, 2024, the enterprise cybersecurity company CrowdStrike YOLOed a software update to millions of Windows machines. Or as they put it:

On July 19, 2024 at 04:09 UTC, as part of ongoing operations, CrowdStrike released a sensor configuration update to Windows systems.

That sensor configuration update caused the largest IT outage in history.

heavymeta EN 2024 CrowdStrike incident impact aviation data stats
Windows Security best practices for integrating and managing security tools https://www.microsoft.com/en-us/security/blog/2024/07/27/windows-security-best-practices-for-integrating-and-managing-security-tools/
29/07/2024 09:20:15

In this blog post, we examine the recent CrowdStrike outage and provide a technical overview of the root cause. We also explain why security products use kernel-mode drivers today and the safety measures Windows provides for third-party solutions. In addition, we share how customers and security vendors can better leverage the integrated security capabilities of Windows for increased security and reliability. Lastly, we provide a look into how Windows will enhance extensibility for future security products.

microsoft EN 2024 CrowdStrike outage incident technical-overview
Microsoft calls for Windows changes and resilience after CrowdStrike outage https://www.theverge.com/2024/7/26/24206719/microsoft-windows-changes-crowdstrike-kernel-driver
26/07/2024 13:43:13

Microsoft has started responding with changes it wants to see in the wake of the CrowdStrike botched update. It looks like Windows kernel access is on the agenda.

theverge EN 2024 Microsoft CrowdStrike incident resilience Windows kernel
CrowdStrike blames a test software bug for Windows wipeout https://www.theregister.com/2024/07/24/crowdstrike_validator_failure/
25/07/2024 09:14:32

CrowdStrike has blamed a bug in its own test software for the mass-crash-event it caused last week.

A Wednesday update to its remediation guide added a preliminary post incident review (PIR) that offers the antivirus maker's view of how it brought down 8.5 million Windows boxes.

theregister EN 2024 Windows CrowdStrike bug incident PIR preliminary-post-incident-review
Threat Actor Uses Fake Recovery Manual to Deliver Unidentified Stealer https://www.crowdstrike.com/blog/fake-recovery-manual-used-to-deliver-unidentified-stealer/
24/07/2024 23:24:00

Learn more about a Word document CrowdStrike Intelligence identified containing macros that download an unidentified stealer now tracked as Daolpu.

CrowdStrike EN 2024 stealer unidentified Daolpu
CrowdStrike shares tumble 13% on IT outage impact https://www.reuters.com/technology/crowdstrike-shares-set-extend-losses-outage-effects-linger-2024-07-22/?user_email=9e19aa6ed986d20195d4113ba5a6a3e709c18e0549688aa9b20d5f2e8d0dec05&lctg=6596a37f125992f7eb0b5ac9
22/07/2024 20:05:22

Shares of CrowdStrike plunged 13% on Monday, extending their loss-making streak, after Wall Street analysts downgraded the stock on concerns over the financial fallout from a global cyber outage last week.

reuters EN 2024 CrowdStrike shares loss stock incident
Technical Details: Falcon Update for Windows Hosts https://www.crowdstrike.com/blog/falcon-update-for-windows-hosts-technical-details/?ref=news.risky.biz
22/07/2024 10:33:55

On July 19, 2024 at 04:09 UTC, as part of ongoing operations, CrowdStrike released a sensor configuration update to Windows systems. Sensor configuration updates are an ongoing part of the protection mechanisms of the Falcon platform. This configuration update triggered a logic error resulting in a system crash and blue screen (BSOD) on impacted systems.

The sensor configuration update that caused the system crash was remediated on Friday, July 19, 2024 05:27 UTC.

This issue is not the result of or related to a cyberattack.

CrowdStrike EN 2024 incident issue
Helping our customers through the CrowdStrike outage https://blogs.microsoft.com/blog/2024/07/20/helping-our-customers-through-the-crowdstrike-outage/
22/07/2024 10:25:20

On July 18, CrowdStrike, an independent cybersecurity company, released a software update that began impacting IT systems globally. Although this was not a Microsoft incident, given it impacts our ecosystem, we want to provide an update on the steps we’ve taken with CrowdStrike and others to remediate and support our customers.

blogs.microsoft microsoft EN 2024 CrowdStrike incident statement
Our Statement on Today's Outage https://www.crowdstrike.com/blog/our-statement-on-todays-outage/
19/07/2024 22:30:00

I want to sincerely apologize directly to all of you for today’s outage. All of CrowdStrike understands the gravity and impact of the situation. We quickly identified the issue and deployed a fix, allowing us to focus diligently on restoring customer systems as our highest priority.

The outage was caused by a defect found in a Falcon content update for Windows hosts. Mac and Linux hosts are not impacted. This was not a cyberattack.

crowdstrike EN 2024 incident outage statement
Special Report: Massive Global IT Outages Triggered by Faulty CrowdStrike Update https://www.metacurity.com/special-report-massive-global-it-outages-triggered-by-faulty-crowdstrike-update/
19/07/2024 12:47:52

Cascading and catastrophic IT outages have hit thousands of organizations worldwide after CrowdStrike issued a faulty update in its Falcon Sensor product that caused Windows operating systems to crash.

metacurity EN 2024 CrowdStrike Outages catastrophic faulty-update
Banks, airlines, brokerage houses report widespread outages across the globe https://techcrunch.com/2024/07/19/banks-airlines-brokerage-houses-report-widespread-outages-across-the-globe/
19/07/2024 10:19:11

Businesses worldwide are experiencing outages, including Windows "blue screen of death" errors on their computers, in what has already become one of the

techcrunch EN 2024 CrowdStrike incident outage Windows
The Anatomy of an ALPHA SPIDER Ransomware Attack https://www.crowdstrike.com/blog/anatomy-of-alpha-spider-ransomware/
07/03/2024 11:34:35

Read this blog on the anatomy of an ALPHA SPIDER ransomware attack to better understand how they operate and how to better protect your business.

crowdstrike EN 2024 Analysis ALPHA SPIDER ransomware
Thanksgiving 2023 security incident https://blog.cloudflare.com/thanksgiving-2023-security-incident?is=e4f6b16c6de31130985364bb824bcb39ef6b2c4e902e4e553f0ec11bdbefc118
07/02/2024 07:49:28

On Thanksgiving Day, November 23, 2023, Cloudflare detected a threat actor on our self-hosted Atlassian server. Our security team immediately began an investigation, cut off the threat actor’s access, and no Cloudflare customer data or systems were impacted by this event.

cloudflare EN 2024 CrowdStrike Atlassian Confluence Jira Okta incident