Velvet Ant’s Operation Highland: How a China-Nexus Actor Infiltrated an Internal Network Undetected

Velvet Ant, a sophisticated China-linked threat actor, maintained nearly a decade of undetected access to an air-gapped critical infrastructure network by deeply compromising the authentication stack—replacing PAM modules and OpenSSH binaries—to embed stealthy, persistent control that survived conventional remediation and evaded standard detection.