CredoMap is malware: malicious software designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it has the potential to steal personal information, disrupt operations, or even hold data for ransom. CredoMap has been used by hackers since the second half of 2021 to target various entities including government bodies, businesses, universities, research institutes, and think tanks.
The National Cybersecurity Agency of France (ANSSI) identified this threat in late October. The agency linked the hacking group behind it to a series of attacks exploiting various vulnerabilities, including CVE-2023-23397, to deploy implants such as CredoMap. The group, a Russian advanced persistent threat (APT) actor, was also found to use several VPN clients to facilitate its activities and to exfiltrate data using the CredoMap implant, Mockbin, and the Pipedream service.
ANSSI has characterized OCEANMAP as a more advanced version of CredoMap. This newer backdoor has been identified as another tool used by the same group behind the initial CredoMap attacks. These developments highlight the escalating sophistication of cyber threats and underscore the need for robust cybersecurity measures across all sectors.
Description last updated: 2024-05-05T09:44:00.805Z