China Hackers Hid in Linux Login System for Years

A China-linked group tracked as Velvet Ant backdoored Linux PAM and OpenSSH login components to hide for nearly a decade. The attackers replaced trusted login programs with modified copies that recorded credentials and allowed secret access. Traces date back to 2016, with nine separate versions of the backdoor found.