Velvet Ant Hackers Backdoor OpenSSH and PAM to Spy on Critical Infrastructure Network

The China-nexus actor Velvet Ant maintained a near-decade campaign by backdooring OpenSSH and PAM components to gain persistent, silent access to critical infrastructure. This operation allowed the hackers to bypass authentication and exfiltrate credentials while evading detection within segmented networks.