Velvet Ant Backdoors Linux PAM & OpenSSH for 10 Years
🔴 Critical | Source: The Hacker News

A China-linked threat actor tracked as Velvet Ant spent nearly a decade maintaining persistent access to a targeted network by backdooring PAM (Pluggable Authentication Modules) and OpenSSH, the core Linux components that control who can log in. By compromising the authentication layer itself rather than higher-visibility applications, the group was able to survive routine security clean-up efforts. This matters because the same Linux authentication stack underpins the vast majority of cloud workloads, container hosts, and on-premises infrastructure. ...