Cybersecurity Breach Exposed: Junior Hacker Poisson Leaves Playbook in Public Storage

Key points:
– Junior hacker named “Poisson”.
– Victims: a small French automotive business and 4 individuals.
– 339 commands across 33 days (March 30 to May 1, 2026).
– Investigator: Vitaly Simonovich, Senior Security Researcher at Cato Networks (Cato CTRL).
– Mistake: Left private SSH keys and a step-by-step instruction playbook in an open Backblaze B2 storage bucket.
– Playbook details: Multi-stage in-memory malware chain: VBScript stager, PowerShell loader, Havoc Demon agent.
– Berlin-hosted IONOS VPS, DuckDNS.
– Privilege escalation: Visible UAC prompt (rookie move).
– Persistence: Scheduled task at every logon with highest privileges, shellcode injected into Explorer.exe, and a custom-built RustDesk as a backup channel.
– Keylogger: 70-line Python keylogger writing keystrokes to a local file, manually retrieved. No beacon, no exfil server.
– powercfg standby-timeout changes to keep machines awake.
– School schedule:
Written by
TempMail Ninja
Digital privacy and online security expert. Passionate about creating tools that protect users' identity on the internet.


