Kaspersky said that according to its tests, "OnionPoison" targets victims located in China because its C2 server checks whether the external IP address of the victim's machine is from China. Kaspersky reminded Chinese users to check whether the Tor browser they use is downloaded from the official one.

Kaspersky released its Digital Footprint Intelligence report for the Asia-Pacific region, the results of which can help businesses and countries monitor external threats and stay abreast of potential cybercriminal activity, including topics discussed on the Dark Web.

After analyzing nearly 200 posts on the Dark Web that provided initial access to corporate data, Kaspersky found that 75 percent of the posts provided initial access via Remote Desktop Protocol (RDP), each with different permissions ranging from domain administrator, local administrator and normal user permissions.

The dark web ads say that these certificates will be issued in some Western European countries, and they claim to be able to check these certificates in any official application, such as CovPass, CoviCheck, etc.