Pam

threats 2026-06-16
Velvet Ant's Operation Highland: A China-Nexus APT Backdoored the Linux Auth Stack for a Decade
Sygnia's Operation Highland report details how the China-nexus group Velvet Ant hid in an isolated network for nearly a decade by backdooring pam_unix.so and OpenSSH binaries — no exploit, no dropped malware, no anomalous logs.
velvet-ant apt pam openssh linux credential-theft persistence threat-hunting infrastructure

Velvet Ant's Operation Highland: A China-Nexus APT Backdoored the Linux Auth Stack for a Decade