Cato Networks documented how an attacker known as Poisson compromised a small French automotive business, stole credentials, and then used OpenSSH and Tailscale to keep access even after the Havoc C2 server went offline. The case shows that removing a command-and-control server is not enough if an attacker has already built a separate persistence path.
Key points
- Poisson broke into a French automotive business and planted a keylogger.
- The attacker stole banking and email credentials from the victim machine.
- OpenSSH and Tailscale were installed to create an alternate backdoor.
- The Havoc C2 went offline, but access continued through the Tailscale path.
- Cato Networks found 339 commands and warned that C2 takedowns are not enough.
Read More: https://thehackernews.com/2026/06/junior-hacker-used-tailscale-and.html