A French-speaking threat actor compromised a small automotive business using credential theft and keylogging, but distinguished himself by installing OpenSSH and Tailscale as persistent backdoors independent of his command-and-control infrastructure. This tactic ensured continued access even after his Havoc C2 server went offline, demonstrating evolving attacker resilience strategies that bypass t
A French-speaking attacker broke into a small French automotive business, planted a keylogger, and stole banking and email credentials. Ordinary stuff, until one move near the end. Before his command-and-control server went dark, he installed OpenSSH and Tailscale on a victim's machine, building a way back in that did not run through the C2 at all. When the Havoc server went offline the next
Originally published at thehackernews.com
60-minute technical evaluation, no obligation. We'll map the ideas in this article to your environment.
