Hacker Uses Tailscale and OpenSSH for Persistent Access
A French-speaking attacker successfully installed a keylogger in a small automotive company in France, stealing banking and email credentials. After infiltrating the system, the hacker employed various techniques to cover his tracks and secure access to the systems. His approach came to light when his Command-and-Control (C2) server went offline: before this happened, he had installed OpenSSH and Tailscale on the affected computer. These measures allowed him to create an alternative access point that no longer relied on the C2 server.
The use of Tailscale, software that enables a secure network over the internet, represented a sophisticated method for maintaining access to the system. By installing OpenSSH, the hacker was able to establish an encrypted connection to the infected device, making the detection of his activities more difficult. The incident raises questions about the security of corporate networks, particularly in small and medium-sized enterprises that may not have the same security resources as larger companies. The combination of a keylogger and the use of Tailscale demonstrates how attackers exploit modern technologies to achieve their goals. IT security experts warn that such attacks could increase in the future as more companies adopt cloud-based solutions and remote access.
Implementing security measures, such as multi-factor authentication and regular security audits, is deemed essential to prevent similar incidents. Investigations into this incident are ongoing. Security researchers are analyzing the techniques and methods used to gather further information about the attacker and his background. The identity of the hacker remains unknown; however, it is suspected that he possesses advanced knowledge in IT security. The vulnerability created by the installation of Tailscale and OpenSSH could also affect other companies using similar software solutions.
Experts recommend regularly checking systems for unauthorized software and ensuring that all security updates are installed promptly. Another aspect of the incident is the necessity of training employees regarding cybersecurity. Often, it is human error that allows attackers access to sensitive data. Training on recognizing phishing attempts and other threats could help minimize the risk of such attacks. The French cybersecurity authority has already taken initial steps to inform companies about the risks of such attacks.
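The check for unauthorized software recommended above can be automated against a service inventory. The following is an added example, not code from the investigation or from any vendor: it flags hosts running an OpenSSH server or Tailscale outside an approved baseline, and rates the two together as high severity. The inventory rows, host names, baseline and binary-name mapping are constructed assumptions.

```python
import csv
import io

# Constructed sample inventory (host, service, binary path, state); not data from the incident.
SAMPLE_INVENTORY = """host,service,binary,state
ws-acct-01,Spooler,C:\\Windows\\System32\\spoolsv.exe,running
ws-acct-01,sshd,C:\\Windows\\System32\\OpenSSH\\sshd.exe,running
ws-acct-01,Tailscale,C:\\Program Files\\Tailscale\\tailscaled.exe,running
srv-admin-01,sshd,/usr/sbin/sshd,running
ws-shop-02,Tailscale,C:\\Program Files\\Tailscale\\tailscaled.exe,stopped
"""

# Assumed binary names used to recognise each tool, whatever the service is called.
TOOL_BINARIES = {"sshd": "openssh-server", "sshd.exe": "openssh-server",
                 "tailscaled": "tailscale", "tailscaled.exe": "tailscale"}

# Hypothetical baseline: (host, tool) pairs the organisation has approved.
APPROVED = {("srv-admin-01", "openssh-server")}

def classify(binary_path):
    """Map a binary path (Windows or POSIX) to a remote-access tool name, or None."""
    name = binary_path.replace("\\", "/").rsplit("/", 1)[-1].lower()
    return TOOL_BINARIES.get(name)

def audit(inventory_csv, approved):
    """Return {host: {"tools": sorted list, "severity": str}} for unapproved tools."""
    unapproved = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        tool = classify(row["binary"])
        # A stopped service still counts: the software is installed on the host.
        if tool and (row["host"], tool) not in approved:
            unapproved.setdefault(row["host"], set()).add(tool)
    findings = {}
    for host, tools in unapproved.items():
        # Both tools together is the pairing the article describes: an overlay
        # network plus an SSH server gives access independent of any C2 server.
        severity = "high" if {"openssh-server", "tailscale"} <= tools else "medium"
        findings[host] = {"tools": sorted(tools), "severity": severity}
    return findings

if __name__ == "__main__":
    for host, finding in sorted(audit(SAMPLE_INVENTORY, APPROVED).items()):
        print(host, finding["severity"], ",".join(finding["tools"]))
```

In practice the inventory would come from an endpoint management or EDR export, and the baseline from the organisation's approved-software list.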
A report on the incidents and recommended security practices will be published in the coming weeks. The authority plans to provide targeted support to companies to improve their security infrastructure. The investigations into this incident could also impact the legal framework for cybersecurity in France. Legislators are already discussing stricter regulations to require companies to implement appropriate security measures. A corresponding bill could be introduced later this year. The vulnerability created by the use of Tailscale and OpenSSH could potentially affect thousands of companies employing similar technologies. Experts estimate that up to 30% of small and medium-sized enterprises in France are vulnerable to such attacks.