China-Linked Hackers Backdoored Linux Login Software for Decade-Long Persistence
Severity: HIGH
A China-nexus group, tracked as Velvet Ant by Sygnia, maintained persistence in an isolated network for nearly a decade by backdooring Linux login systems. The attackers compromised the PAM (Pluggable Authentication Modules) and OpenSSH components, which let them control who could sign in. This sophisticated technique kept them undetected in a network that lacked internet connectivity and bypassed typical security measures.
Source: The Hacker News