> TritonInfoSec News
Home / Jun 13, 2026 / Story
0
#3 The Hacker News general June 12, 2026 at 18:17 UTC

China-Linked Hackers Backdoored Linux Login Software to Hide for Nearly a Decade

By [email protected] (The Hacker News)

AI Summary

Sygnia researchers revealed that China-nexus threat group Velvet Ant spent nearly a decade hidden inside a targeted network by backdooring Linux PAM and OpenSSH authentication components — the very mechanisms used to control login access. This persistence technique survived standard incident response cleanup efforts, underscoring the danger of compromising authentication infrastructure rather than user-space applications. Security teams should audit PAM and SSH configurations for unauthorized modifications as part of threat hunting activities.

Read full article → https://thehackernews.com/2026/06/china-linked-hac…

Relevance score: 90.0/100

# More from June 13

  1. 1
    Oracle mitigates PeopleSoft zero-day exploited in data theft attacks BleepingComputer
  2. 2
    Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit The Hacker News
  3. 4
    Google Sues Chinese Smishing Network Accused of Using Gemini AI in Phishing The Hacker News
  4. 5
    Europol Disrupts AudiA6 Crypto Laundering Service Used by Ransomware Gangs The Hacker News
  5. 6
    CISA orders feds to patch actively exploited Ivanti flaw by Sunday BleepingComputer
  6. 7
    INTERPOL Operation Takes Down Sniper Dz Phishing Platform, Arrests Administrator The Hacker News
  7. 8
    Tchap data breach affects over 73,000 French govt employees BleepingComputer
  8. 9
    The Gentlemen Ransomware Claims 478 Victims, Can Spread Like a Worm The Hacker News
  9. 10
    ‘GreatXML’ Zero-Day Exploit Bypasses BitLocker SecurityWeek