Naming threat actors has always been the wild wild west. Its cool to see that Microsoft and Crowdstrike are pushing to standardize threat actor mapping. Security weekly posted about these efforts HERE.
Why does this matter? To quote … “The goal: Deconflicting adversary names to build a cohesive and enduring mapping of existing naming systems to one another. In addition, where telemetry complements one another, there’s an opportunity to extend attribution across more planes and vectors — building a richer, more accurate view of adversary campaigns that benefits the entire community,” it added.
The security industry benefited years ago when vulnerabilities started using a common language. The threat research community will likely see value if this can be done industry wide.