ShellCodeX
ShellCodeX Intelligence Brief
HIGH Cybersecurity

Tailscale and OpenSSH Enabled Persistent Access After Attacker’s C2 Failed

Source headline: Junior Hacker Used Tailscale and OpenSSH to Keep Access After His C2 Went Offline

Threat level: High
Signal strength: 75/100
Source confidence: 1 source
Published: 1 day ago

Intelligence Summary

A French-speaking attacker compromised a small French automotive business, installed a keylogger, and stole banking and email credentials. After the command-and-control (C2) server went offline, the attacker kept access by deploying OpenSSH and Tailscale on a victim system, a fallback path that does not depend on the original C2 channel. Organizations should treat SSH and remote-access tooling that appears unexpectedly as high-risk, and should investigate affected hosts for credential theft and persistence artifacts.

Recommended Action

Review affected assets, schedule urgent remediation, and monitor related indicators.
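
An added example, not part of the original brief or of the reporting it cites: one way to flag OpenSSH or Tailscale on hosts where they are not approved, ranking hosts that carry both first. The inventory, host names and allowlist are constructed, and the name patterns are assumptions about how the two daemons usually appear in a service or process listing.

```python
import re
from collections import defaultdict

# Name patterns for the two tools named in the brief (assumed common daemon
# names; extend them to match your own inventory source).
WATCHED = {
    "openssh": re.compile(r"^(sshd|openssh.*)(\.exe|\.service)?$", re.I),
    "tailscale": re.compile(r"^tailscaled?(\.exe|\.service)?$", re.I),
}

# Constructed sample inventory: (host, service or process name).
SAMPLE_INVENTORY = [
    ("jump01", "sshd"), ("jump01", "nginx"),
    ("acct-pc3", "sshd.exe"), ("acct-pc3", "tailscaled.exe"),
    ("acct-pc3", "spoolsv.exe"), ("shop-pc1", "Tailscale"),
]

# Constructed allowlist: hosts where each tool is expected to run.
SAMPLE_APPROVED = {"openssh": {"jump01"}, "tailscale": set()}


def classify(name):
    """Return the watched tool a name belongs to, or None."""
    for tool, pattern in WATCHED.items():
        if pattern.match(name.strip()):
            return tool
    return None


def find_unexpected(inventory, approved):
    """Map host -> sorted list of watched tools present but not approved there."""
    hits = defaultdict(set)
    for host, name in inventory:
        tool = classify(name)
        if tool and host not in approved.get(tool, set()):
            hits[host].add(tool)
    return {host: sorted(tools) for host, tools in hits.items()}


def triage(findings):
    """Order hosts so those with both tools (the pairing in the brief) come first."""
    return sorted(findings, key=lambda h: (-len(findings[h]), h))


if __name__ == "__main__":
    found = find_unexpected(SAMPLE_INVENTORY, SAMPLE_APPROVED)
    for host in triage(found):
        print(host, found[host])
```

Feed it the service or process listing your endpoint tooling already collects; an approved host such as a jump box is skipped, so only unplanned installs surface.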

Topics

#credential-theft #keylogger #openssh #persistence #remote-access #tailscale
Original reporting: The Hacker News, "Junior Hacker Used Tailscale and OpenSSH to Keep Access After His C2 Went Offline"