The collaboration validates specific connections, such as confirming that CrowdStrike’s Vanguard Panda and Microsoft’s Volt Typhoon both represent the same China-nexus threat group. Similarly, Secret Blizzard and Venomous Bear have been identified as aliases for a known Russian state-affiliated actor.
“This effort is not about creating a single naming standard,” Vasu Jakkal, corporate vice president at Microsoft Security, said in the statement. “Rather, it’s meant to help our customers and the broader security community align intelligence more easily, respond faster, and stay ahead of threat actors.”
“While advisory names could have effectively been used for correlations, the lack of standard naming was a big challenge,” said Sunil Varkey, advisor at Beagle Security. “Correlations were mainly happening through TTP-based correlation, IoC, or other methods, which gave only fragmented views, leading to delayed responses, analyst fatigue, and inconsistencies.”