Meet the Adversaries


Forewarned is forearmed, and nowhere is this sentiment more true than in the field of cybersecurity. When George Kurtz and his team founded CrowdStrike, they enshrined this philosophy at the very core of the company’s mission, and the saying “You don’t have a malware problem, you have an adversary problem,” became our calling card. It was George’s contention that if we were going to succeed in helping companies protect their networks and information assets from the ‘bad guys,’ we had to treat the malware as just a symptom of a larger problem, and that the most robust security posture is rooted in understanding ‘who’ is unleashing that malware. In short, understanding the adversary is the key to protecting against attacks because, while you can’t foresee all attacks, you can at least use intelligence from the past to inform possible future assaults and help mitigate consequences. Consuming adversary intelligence is important to enterprises because in order to protect yourself, you need to know both who will come after you and how they will come after you.

Our intelligence team is dedicated to tracking the activities of threat actor groups and understanding as much as possible about each. In 2013, we tracked more than 50 adversaries, the most recent of which, Putter Panda, is the subject of our recently released intelligence report.

We use a cryptonym system for adversary categorization. So Putter Panda isn’t just a pet name; it designates both the adversary’s nation-state and the group they targeted…in this case, golf-playing conference attendees in the space technology sector.

Some adversaries are tied to nation-state actors: in this case, “Panda” is the umbrella term for all nation-state activity tied to the People’s Republic of China. Non-nation-state adversaries are categorized not by location but by intention; for instance, activist groups like the Syrian Electronic Army are categorized as “Jackal,” which expresses both intent and motivation. The following is the cryptonym system that CrowdStrike uses for adversary categorization:


Nation-State-Based Adversaries

Panda = China
Bear = Russia
Kitten = Iran
Tiger = India
North Korea = Chollima (a mythical winged horse)

Non-Nation-State Adversaries

Jackal = Activist groups
Spider = Criminal groups

You can read more about all the adversaries we tracked during 2013 in our Global Threat Report: 2013 Year in Review, and more specifically about Putter Panda in our Intelligence Report: Putter Panda.

Adam Meyers

Adam Meyers has authored numerous papers for peer-reviewed industry venues and has received awards for his dedication to the information security industry. As Vice President of Intelligence for CrowdStrike, Meyers oversees all of CrowdStrike’s intelligence gathering and cyber-adversarial monitoring activities. Previously, Meyers was the Director of Cyber Security Intelligence with the National Products and Offerings Division of SRA International, where he provided technical expertise at the tactical level and strategic guidance on overall security program objectives.

 
