TI Mindmap HUB
Threat Intelligence Report

Velvet Ant’s Operation Highland: How a China-Nexus Actor Infiltrated an Internal Network Undetected

📅 July 9, 2026 📰 www.sygnia.co 🔍 1 CVE(s) referenced

Velvet Ant, a China-linked threat actor, maintained nearly a decade of undetected access to a highly isolated internal network by deeply compromising authentication layers—replacing PAM modules and OpenSSH binaries—to embed stealthy, resilient persistence that evaded conventional detection and rendered remediation both technically and operationally perilous.

unclassified
CVE-2024-20399

Sign in to access the full report including:
detailed analysis, IOCs, MITRE ATT&CK mapping, and STIX bundle.

🔐 Sign In to Read Full Report

You'll need to accept our Terms of Service to access the platform.

📊 Visual Mindmap
🎯 IOC Extraction
⚔️ MITRE ATT&CK TTPs
📦 STIX 2.1 Bundle