Forewarned is forearmed, and nowhere is this sentiment more true than in the field of cybersecurity. When George Kurtz and his team founded CrowdStrike, they enshrined this philosophy at the very core of the company’s mission, and the saying “You don’t have a malware problem, you have an adversary problem,” became our calling card. It was George’s contention that if we were going to be successful in helping companies protect their networks and information assets from the ‘bad guys’ then the malware was just a symptom of a larger problem and the most robust security posture was rooted in understanding ‘who’ was unleashing that malware. In short, understanding the adversary is the key to protecting against attacks because, while you can’t foresee all attacks, you can at least use intelligence from the past to inform possible future assaults and help mitigate consequences. Consuming adversary intelligence is important to enterprises because in order to protect yourself, you need to know both who will come after you and how they will come after you.
Our intelligence team is dedicated to tracking the activities of threat actor groups and understanding as much as possible about each. In 2013, we tracked more than 50 adversaries, the most recent of which, Putter Panda, is the subject of our recently released intelligence report.
We use a cryptonym system for adversary categorization. So Putter Panda isn’t just a pet name; it designates both the adversary’s nation-state and the group they targeted…in this case, golf-playing conference attendees in the space technology sector.
Some adversaries are tied to nation-state actors—in this case, “Panda” is the umbrella term for all nation-state activity tied to the People’s Republic of China. Non-nation-state based adversaries are categorized not by location but by intention; for instance, activist groups like the Syrian Electronic Army, are categorized as “Jackal,” which expresses both intent and motivation. The following is the cryptonym system that Crowdstrike uses for adversary categorization:
Panda = China
Bear = Russia
Kitten = Iran
India = Tiger
North Korea = Chollima (a mythical winged horse)
Jackal = Activist groups
Spider = Criminal groups
To get full access to CrowdStrike’s next-gen antivirus solution for 15 days visit the Falcon Prevent free trial page.