Summary
- Sygnia’s Operation Highland report describes a long-running Velvet Ant intrusion into an internal network with no direct internet access.
- The actor allegedly replaced PAM modules and OpenSSH binaries, gaining control over authentication and credential capture.
- The case challenges assumptions about segmentation, trusted infrastructure, and recovery after identity-stack compromise.
Sygnia says a China-nexus threat actor it tracks as Velvet Ant maintained long-term access to an internal network with no direct internet connectivity by compromising the Linux authentication layer itself.
The incident-response firm’s Operation Highland report describes an intrusion in which forensic artefacts dated back to 2016. The target network was segregated from the internet, but the actor allegedly reached it by first compromising internet-facing systems, traversing the IT environment, and using trusted paths into the internal network.
The most consequential finding is where the attacker hid. Sygnia says Velvet Ant replaced Pluggable Authentication Modules and OpenSSH binaries across multiple hosts with backdoored versions. Some variants enabled unauthorised access through secret passwords, while others captured legitimate usernames and passwords as users logged in normally.
That approach changes the response problem. If the component that validates logins is controlled by the attacker, password resets alone are insufficient. New credentials can be captured again. Killing sessions may not remove persistence. Standard malware detection may miss the change if defenders are not comparing trusted authentication components against known-good versions.
The victim has not been named, and Sygnia’s report does not establish a UK or European victim. The relevance to UK and European organisations lies in the operating pattern: sensitive networks, including critical infrastructure and industrial environments, often rely on segmentation and restricted connectivity as core controls. Operation Highland shows how those controls can fail if trusted intermediary systems become bridges into supposedly isolated environments.
Sygnia’s earlier public work on Velvet Ant described abuse of F5 BIG-IP appliances and Cisco Nexus switch infrastructure. Operation Highland follows the same strategic pattern. The actor allegedly moved into places defenders trust and monitor less: network appliances, control paths, and authentication components. The target was not only data. It was the trust layer that lets administrators operate the environment.
Regulated operators often build resilience plans around segmentation and recovery. Those plans can weaken when authentication binaries, jump paths, and administrative tooling are themselves suspect. Recovery then becomes a problem of proving trust, not merely restoring systems.
The technical exposure is uncomfortable because Linux PAM and OpenSSH are foundational components in many server, network, and operational environments. They are also mature, familiar, and often treated as stable plumbing rather than high-change attack surface. Malicious modification can therefore become durable if file integrity monitoring, package verification, and forensic baselining are weak.
Executive reporting can also understate the problem. Boards may hear that an environment is isolated, segmented, or not internet-facing. Those terms are useful, but they can create false comfort if they are not accompanied by evidence about administrative access, trusted bridges, monitoring coverage, and the integrity of authentication systems inside the segment.
Defensive work starts with verification. Organisations running sensitive Linux environments need to know which PAM and OpenSSH binaries are expected, how integrity is checked, who can modify them, and how changes are logged. They also need to review whether jump hosts, management servers, file transfer systems, or monitoring tools create indirect paths into internal environments.
Operation Highland is not a one-patch incident. Advanced intrusions often persist by making trusted systems lie. Segmentation remains necessary, but sensitive environments need mechanisms to verify that the components enforcing trust have not become part of the compromise.





