{"id":7702,"date":"2025-06-03T11:28:53","date_gmt":"2025-06-03T16:28:53","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=84743"},"modified":"2025-06-03T11:28:53","modified_gmt":"2025-06-03T16:28:53","slug":"crowdstrike-microsoft-aim-to-eliminate-confusion-in-threat-group-attribution","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/06\/03\/crowdstrike-microsoft-aim-to-eliminate-confusion-in-threat-group-attribution\/","title":{"rendered":"CrowdStrike, Microsoft aim to eliminate confusion in threat group attribution"},"content":{"rendered":"<p><head> <meta charset=\"UTF-8\"> <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"> <meta name=\"robots\" content=\"index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1\"> <!-- This site is optimized with the Yoast SEO Premium plugin v24.5 (Yoast SEO v24.5) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ --> <title>CrowdStrike, Microsoft aim to eliminate confusion in threat group attribution | CyberScoop<\/title> <meta name=\"description\" content=\"Wild variances in naming taxonomies aren\u2019t going away, but a new initiative from the security vendors aims to more publicly address obvious overlap in threat group attribution.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/crowdstrike-microsoft-threat-group-attribution-initiative\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"CrowdStrike, Microsoft aim to eliminate confusion in threat group attribution\"> <meta property=\"og:description\" content=\"Wild variances in naming taxonomies aren\u2019t going away, but a new initiative from the security vendors aims to more publicly address obvious overlap in threat group attribution.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/crowdstrike-microsoft-threat-group-attribution-initiative\/\"> <meta property=\"og:site_name\" 
content=\"CyberScoop\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-84743 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <\/p>\n<div class=\"ad 
ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--event js-stickybar\">\n<div class=\"stickybar__details\" readability=\"4.9180327868852\">\n<div class=\"stickybar__info js-sticky-bar-content\" readability=\"32\">\n<p>Voting is open for the 2025 CyberScoop 50 awards!<\/p>\n<\/div>\n<p> <a class=\"stickybar__link button button-tertiary\" href=\"https:\/\/cyberscoop.com\/cyberscoop50\/\">Click here!<\/a> <\/div>\n<p> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.596330275229\">\n<div class=\"single-article__header-content\" readability=\"32.013745704467\">\n<p> Wild variances in naming taxonomies aren\u2019t going away, but a new initiative from the security vendors aims to more publicly address obvious overlap in threat group attribution. 
<\/p>\n<p> <!-- Listen to this article section --> <!-- End of audio player --> <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"386\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/06\/crowdstrike-microsoft-aim-to-eliminate-confusion-in-threat-group-attribution.jpg?resize=640%2C386&#038;ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/06\/crowdstrike-microsoft-aim-to-eliminate-confusion-in-threat-group-attribution-2.jpg 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/06\/crowdstrike-microsoft-aim-to-eliminate-confusion-in-threat-group-attribution-2.jpg?resize=300,181 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/06\/crowdstrike-microsoft-aim-to-eliminate-confusion-in-threat-group-attribution-2.jpg?resize=768,464 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/06\/crowdstrike-microsoft-aim-to-eliminate-confusion-in-threat-group-attribution-2.jpg?resize=600,362 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/06\/crowdstrike-microsoft-aim-to-eliminate-confusion-in-threat-group-attribution-2.jpg?resize=278,168 278w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/06\/crowdstrike-microsoft-aim-to-eliminate-confusion-in-threat-group-attribution-2.jpg?resize=558,337 558w\" sizes=\"(max-width: 1024px) 100vw, 1024px\"><figcaption> (Photo by Patrick Lux\/Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"84.724473684211\"><body readability=\"171.68366915598\"><\/p>\n<p>CrowdStrike and Microsoft announced an agreement Monday to formally connect the different names each company uses for the same threat groups in their attribution 
analysis. The companies said the effort will clarify inconsistencies across the industry\u2019s naming taxonomies and acknowledge when both companies identify the same threat groups.&nbsp;<\/p>\n<p>The alliance between the longstanding competitors doesn\u2019t call for a universal naming standard or change the frameworks CrowdStrike and Microsoft use to name threat groups. It does, however, remove confusion about overlap in groups that have been assigned multiple names by different companies.<\/p>\n<p>Threat group naming conventions stir up vigorous debates among threat intelligence professionals. Cybersecurity vendors that practice attribution want to put their stamp of ownership on the groups they track, yet this routinely creates confusion and makes it harder for defenders to cross-reference information.&nbsp;<\/p>\n<p>\u201cWe understand there\u2019s a challenge. We understand that our isolation in this area has created a bigger challenge for those customers trying to stop these threats,\u201d Adam Meyers, senior vice president of counter adversary operations at CrowdStrike, told CyberScoop.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cWe\u2019re going to put all that to the side, and we\u2019re going to spend some of our analytic resources from both companies to try to demystify this and clarify this for the customers so that this is an easier thing for them to understand,\u201d he said.<\/p>\n<h5 class=\"wp-block-heading\" id=\"h-open-invite-for-cti-collaboration\">Open invite for CTI collaboration<\/h5>\n<p>The effort to formally recognize known threat group attribution links across vendors kicked off with coordinated announcements from both <a href=\"https:\/\/www.crowdstrike.com\/en-us\/blog\/crowdstrike-and-microsoft-unite-to-deconflict-cyber-threat-attribution\/\">CrowdStrike<\/a> and <a 
href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2025\/06\/02\/announcing-a-new-strategic-collaboration-to-bring-clarity-to-threat-actor-naming\/\">Microsoft<\/a>, but the companies envision other competitors participating as time passes.<\/p>\n<p>Meyers hopes this alliance will create an independent resource that CrowdStrike, Microsoft and other companies can feed analysis into to create a consistently updated, authoritative guide on threat groups. While CrowdStrike and Microsoft have also discussed offering this information through an&nbsp; API, he said, it will be available in their blog posts and in products for now.<\/p>\n<p>\u201cWe\u2019re going to work with other big vendors out there that are also involved in attribution in order to pull this together so that we can all work off the same sheet of music,\u201d Meyers said.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Google\u2019s Mandiant and Palo Alto Networks\u2019 Unit 42 told CyberScoop they\u2019re already working with CrowdStrike and Microsoft on the initiative.<\/p>\n<p>\u201cAligning on naming conventions isn\u2019t just a nice-to-have, but a game-changer for defenders trying to act fast. A shared baseline for threat actor names means faster attribution, improved cyberattack response, and fewer blind spots,\u201d Michael Sikorski, CTO and head of threat intelligence at Unit 42, said in an email.<\/p>\n<p>\u201cInconsistent naming can create confusion and potentially disrupt coordinated response efforts across the cybersecurity community,\u201d he said. \u201cWith shared threat intelligence and increased collaboration, we can disrupt their advantage before they strike.\u201d<\/p>\n<p>In practice, this means CrowdStrike, Mandiant, Microsoft and Unit 42 formally recognize that Midnight Blizzard, Cozy Bear, APT29 and UNC2452 are all the same group. 
Links like this aren\u2019t a surprise to threat intelligence professionals, but they\u2019re not always clear in publicly available threat reports.<\/p>\n<p>In private discussions, threat analysts working across different companies come to pretty good agreements on what they\u2019re seeing and basing attributions on, but those points of overlap often drop by the wayside and are masked or filtered out in published research reports, said Joe Slowik, director of cybersecurity alerting strategy at Dataminr.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Current naming conventions \u201cadd friction that doesn\u2019t need to be there,\u201d Slowik said. \u201cIn an ecosystem where I think that we already have a lot to do, it adds up one more layer of things, and so it\u2019s reducing efficiency and effectiveness, I think, more than anything else.\u201d<\/p>\n<h5 class=\"wp-block-heading\" id=\"h-onset-of-impacts\">Onset of impacts<\/h5>\n<p>CrowdStrike and Microsoft published a <a href=\"https:\/\/learn.microsoft.com\/en-us\/unified-secops-platform\/microsoft-threat-actor-naming\">list of more than 80 threat groups<\/a> they\u2019ve aligned with corresponding names attributed by other security vendors. The reference guide aims to improve confidence in threat group identification, simplify correlation across platforms and reports, and quicken defender action, Vasu Jakkal, corporate vice president at Microsoft Security, said in a blog post.&nbsp;<\/p>\n<p>Delays as short as seconds can prevent organizations from stopping a cyberattack, Jakkal said in the blog post. 
\u201cOne major cause of delayed response is understanding threat actor attribution, which is often slowed by inaccurate or incomplete data as well as inconsistencies in naming across platforms.\u201d<\/p>\n<p>CrowdStrike and Microsoft are creating primary source credibility by jointly mapping threat groups and their various vendor-provided aliases together in a more formalized manner, according to Slowik.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cThat\u2019s not useless, but it\u2019s not revolutionary either,\u201d he said.&nbsp;<\/p>\n<p>\u201cThis is movement in a direction toward potential solutions. It is not a solution,\u201d Slowik added. \u201cIf nothing else, it just highlights more of what the problem actually is, that we have to have these sort of one-off agreements between different companies to say, \u2018OK, we\u2019ll work through our lists and figure out where things are equal to each other.\u2019\u201d<\/p>\n<h5 class=\"wp-block-heading\" id=\"h-myriad-factors-narrow-scope\">Myriad factors narrow scope<\/h5>\n<p>The CrowdStrike- and Microsoft-led initiative doesn\u2019t remove silos in threat intelligence; rather it narrowly focuses on finding common ground when vendors can publicly agree that they see obvious overlap in threat group attribution.&nbsp;<\/p>\n<p>The joint mapping exercise marks a step forward in taking the onus off practitioners having to do this leg work themselves, Meyers said.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Business interests, marketing opportunities and different data sources will continue to create conflicts and some level of doubt in threat intelligence.<\/p>\n<p>\u201cWhile it would be nice for industry to all come together mutually and agree on a way to do this, I don\u2019t think it\u2019s ever going to 
work,\u201d Slowik said. \u201cOrganizations will continue to maintain their own naming and classification schema for the foreseeable future. I do not see that going away, irrespective of this effort and collaboration.\u201d<\/p>\n<p>Factors preventing a threat group naming standard notwithstanding, the most important goal is to ensure defenders understand when threat intelligence firms are talking about the same group with defined boundaries, Meyers said.<\/p>\n<p>Naming conventions are distinct across vendors, in part because threat researchers need systems that allow for flexibility, he said.<\/p>\n<p>\u201cThis thing is not perfect. We understand that this is as much art as science when it comes to doing attribution, and so we\u2019re not going to get it right 100% of the time,\u201d Meyers added.&nbsp;<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cThis allows everybody to not be forced to adopt the other organization\u2019s analytic judgment,\u201d he said. \u201cWe can make our own analytic judgments and support them and defend them.\u201d<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.5856573705179\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/06\/crowdstrike-microsoft-aim-to-eliminate-confusion-in-threat-group-attribution-1.jpg?w=640&#038;ssl=1\" alt=\"Matt Kapko\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Matt Kapko<\/h4>\n<p> Matt Kapko is a reporter at CyberScoop. His beat includes cybercrime, ransomware, software defects and vulnerability (mis)management. 
The lifelong Californian started his journalism career in 2001 with previous stops at Cybersecurity Dive, CIO, SDxCentral and RCR Wireless News. Matt has a degree in journalism and history from Humboldt State University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p> <!-- .popular-stories__stories --> <\/div>\n<p><!-- .popular-stories__inner -->\n<\/div>\n<p><!-- .popular-stories --> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" 
class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p> <!-- Start of HubSpot Embed Code --> <!-- End of HubSpot Embed Code --> <\/body> <a href=\"https:\/\/cyberscoop.com\/crowdstrike-microsoft-threat-group-attribution-initiative\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>CrowdStrike, Microsoft aim to eliminate confusion in threat group attribution<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[4379,2350,282,78,387,646,625,715,46,256,4380,288,1,183],"tags":[4381,2354,286,86,391,650,630,720,54,262,4382,294,325,207],"class_list":["post-7702","post","type-post","status-publish","format-standard","hentry","category-attribution","category-crowdstrike","category-cybercrime","category-cybersecurity","category-google","category-mandiant","category-microsoft","category-palo-alto-networks","category-ransomware","category-research","category-threat-group","category-threats","category-uncategorized","category-unit-42","tag-attribution","tag-crowdstrike","tag-cybercrime","tag-cybersecurity","tag-google","tag-mandiant","tag-microsoft","tag-palo-alto-networks","tag-ransomware","tag-research","tag-threat-group","tag-threats","tag-uncategorized","tag-unit-42"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/attribution\/\" rel=\"category tag\">attribution<\/a> <a 
href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/crowdstrike\/\" rel=\"category tag\">CrowdStrike<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/google\/\" rel=\"category tag\">Google<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/mandiant\/\" rel=\"category tag\">Mandiant<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/microsoft\/\" rel=\"category tag\">Microsoft<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/palo-alto-networks\/\" rel=\"category tag\">Palo Alto Networks<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ransomware\/\" rel=\"category tag\">ransomware<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/research\/\" rel=\"category tag\">Research<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threat-group\/\" rel=\"category tag\">Threat group<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/unit-42\/\" rel=\"category tag\">Unit 42<\/a>","tag_info":"Unit 
42","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7702","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=7702"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7702\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=7702"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=7702"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=7702"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}