Threat Intelligence4 min read
Velvet Ant Hid in Linux Auth Stack for Nearly a Decade
Chinese APT Velvet Ant compromised PAM and OpenSSH on a critical infrastructure network, remaining undetected from 2016 to 2026. Here's how they did it.
Alex KowalskiJun 13, 2026