Credomap

Malware updated 3 months ago (2024-11-29T14:04:43.034Z)
CredoMap is a type of malware, malicious software designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even hold data for ransom. Hackers have used CredoMap since the second half of 2021 to target various entities, including government bodies, businesses, universities, research institutes, and think tanks.

The National Cybersecurity Agency of France (ANSSI) identified this threat in late October. The agency linked the hacking outfit to a series of attacks that exploited various vulnerabilities, including CVE-2023-23397, to deploy implants such as CredoMap. The Russian Advanced Persistent Threat (APT) group was also found to use several VPN clients to facilitate its activities, and to exfiltrate data using the CredoMap implant, Mockbin, and the Pipedream service.

ANSSI has characterized OCEANMAP as a more advanced version of CredoMap. This newer backdoor has been identified as another tool used by the same group behind the initial CredoMap attacks. The ongoing developments highlight the escalating sophistication of cyber threats and underscore the need for robust cybersecurity measures across all sectors.
Description last updated: 2024-05-05T09:44:00.805Z
Aliases: We are not currently tracking any aliases.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Source Document References
Information about the Credomap Malware was read from the documents corpus below.