Velvet Ant Hid in Air-Gapped Network for 10 Years


An air-gapped network offers no guarantee of safety when adversaries are willing to spend years probing for a way in. Researchers at Sygnia have released the full details of Operation Highland, a campaign in which the China-linked threat group Velvet Ant remained undetected inside the internal network of a large organization for nearly a decade.

A Decade of Undetected Access

According to Sygnia, the earliest traces of Velvet Ant’s activity in this environment date back to 2016. What made the intrusion particularly remarkable was the nature of the target: the segment that was ultimately compromised had no direct connection to the internet. The attackers first established a foothold on externally reachable servers, then pivoted through the standard corporate network before finally reaching the isolated critical infrastructure segment. That path is the practical caveat of the story: the segment was reachable from the corporate network, so "air-gapped" here means no internet route rather than physical isolation, and the controls that decided the outcome were the ones between the corporate network and the isolated segment.

Initial Access and Lateral Movement

To gain their initial foothold, Velvet Ant deployed a modified build of GS-Netcat (gs-netcat, from the gsocket toolkit), which gave them a covert reverse shell. The binary was named auditdb, a name chosen to pass as a system utility, and placed in the /usr/sbin/ directory. Across different servers the group maintained persistence through varying mechanisms, registering a systemd service on some hosts and abusing the older SysVinit startup scripts on others.

In parallel, the attackers deployed a Perl-based SOCKS5 proxy to tunnel traffic quietly between hosts and keep moving through the infrastructure. Processes were dressed up as legitimate system services, and filenames, port numbers and process names changed from host to host, so that an indicator found on one server said little about the next.
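The two persistence details above (a binary with a utility-sounding name dropped into /usr/sbin/, started from either a systemd unit or a SysVinit script, plus an interpreter-driven proxy) point at a hunt that does not depend on names at all. The script below is an added example for this article, not tooling from Sygnia or the report: it pulls every absolute path out of the Exec* lines of systemd units and the command lines of init scripts, and flags any path that no installed package owns or that sits under a hidden directory. The unit files, the init script and the package-owned path set are constructed; on a real host the set is built from `rpm -qal` or `dpkg -L` across all packages, with the caveat that a root-level intruder can edit the package database too, so the list should be confirmed against a package inventory from clean media.

```python
"""Hunt for persistence entries (systemd units, SysVinit scripts) whose
executables are not owned by any installed package.

Added example for this article; not tooling from Sygnia or the report.
All inputs are constructed so the script runs offline.
"""
import re

EXEC_KEYS = {"ExecStart", "ExecStartPre", "ExecStartPost", "ExecReload", "ExecStop"}
# An absolute path not glued to a preceding path/word character.
ABS_PATH = re.compile(r"(?<![\w./-])(/[\w./-]+)")

# Constructed persistence entries. The 'auditdb' name follows the report's
# description of the disguised gs-netcat binary; the init script stands in
# for a Perl proxy started at boot. None of this is a real IOC.
FILES = {
    "/etc/systemd/system/auditdb.service": """[Unit]
Description=Audit DB service
After=network.target

[Service]
ExecStart=-/usr/sbin/auditdb -q
Restart=always

[Install]
WantedBy=multi-user.target
""",
    "/etc/systemd/system/sshd.service": """[Unit]
Description=OpenSSH server daemon

[Service]
ExecStart=/usr/sbin/sshd -D $OPTIONS
ExecReload=/bin/kill -HUP $MAINPID
""",
    "/etc/init.d/netmon": """#!/bin/sh
# chkconfig: 2345 99 01
case "$1" in
  start) /usr/bin/perl /usr/lib/systemd/.cache/proxy.pl -p 8443 & ;;
esac
""",
}

# Constructed. On a real host build this from `rpm -qal` (RPM) or `dpkg -L`
# over every installed package (Debian), and confirm it against a package
# inventory from clean media, since root can edit the package database.
PACKAGE_OWNED = {"/usr/sbin/sshd", "/bin/kill", "/usr/bin/perl", "/bin/sh"}


def candidate_paths(source, text):
    """Absolute paths a persistence entry executes or hands to an interpreter."""
    values = []
    for line in text.splitlines():
        stripped = line.strip()
        if source.endswith(".service"):
            key, sep, value = stripped.partition("=")
            if sep and key.strip() in EXEC_KEYS:
                # systemd allows prefixes such as '-', '@', '+', '!' before the path
                values.append(value.strip().lstrip("-@+!:"))
        elif stripped and not stripped.startswith("#"):
            values.append(stripped)
    return [p for value in values for p in ABS_PATH.findall(value)]


def hunt(files, owned):
    """Return (source file, path, reason) for every suspicious executable path."""
    findings = []
    for source, text in files.items():
        for path in candidate_paths(source, text):
            reasons = []
            if path not in owned:
                reasons.append("not owned by any installed package")
            if any(part.startswith(".") for part in path.split("/")[1:]):
                reasons.append("hidden directory or file in path")
            if reasons:
                findings.append((source, path, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for source, path, reason in hunt(FILES, PACKAGE_OWNED):
        print(f"{source}: {path} ({reason})")
```

Run against the constructed inputs it reports the auditdb unit and the Perl script under a hidden directory, and stays silent on the genuine sshd unit. The same idea extends to cron entries, rc.local and XDG autostart files: collect what gets executed, then ask the package manager whether it knows the file.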

Backdooring the Login Mechanism Itself

The most damaging aspect of this campaign was not the compromise of individual servers. Rather, Velvet Ant targeted the authentication mechanism itself. The group replaced PAM modules and OpenSSH components with weaponized versions. These modifications allowed the attackers to bypass standard password verification, intercept credentials, and record the commands typed by administrators.

Researchers identified nine distinct variants of a tampered pam_unix.so module. Some accepted a hardcoded password that granted silent backdoor access; others additionally logged the credentials of legitimate users to a hidden file. Each variant had been compiled in a separate build environment, which points to a carefully coordinated and pre-planned operation. It also has a direct consequence for detection: no single file hash covers the family, so the reliable test is to compare the installed module against the clean build for that host's exact package version rather than to match it against known-bad hashes.

Backdoored versions of ssh, sshd, and scp carried equally dangerous capabilities. They recorded passwords, logged shell commands, concealed traces of activity, and could even disable SELinux when launched with root privileges. One ssh variant included a dedicated option that let the attackers suppress logging of their own sessions.

SSH Keys for Password-Free Persistence

Velvet Ant also inserted its own public keys into the authorized_keys files on compromised servers. This technique provided persistent, password-free access that operated independently of the tampered system binaries, adding a second layer of resilience to the intrusion.
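Because this layer of access survives even a clean reinstall of sshd and PAM, every authorized_keys file on a recovered host needs to be read against an inventory of keys that are supposed to be there. The script below is an added example for this article, not tooling from Sygnia or the report. It parses authorized_keys entries properly (the optional options field can carry quoted strings with spaces, such as `from="..."` or `command="..."`, so naive whitespace splitting breaks), computes the same SHA256 fingerprint that `ssh-keygen -lf` prints, and reports any key missing from the approved set, any entry with a forced command, and any line that does not parse. The keys and the sample file are constructed test vectors; in practice the approved set comes from your key inventory, and the review has to cover every path named by AuthorizedKeysFile in sshd_config for every account, root and service accounts included.

```python
"""Audit authorized_keys entries against an inventory of approved key fingerprints.

Added example for this article; not tooling from Sygnia or the report.
The keys below are constructed test vectors, not keys from the incident.
"""
import base64
import hashlib
import shlex
import struct

KEY_TYPES = {
    "ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384",
    "ecdsa-sha2-nistp521", "sk-ssh-ed25519@openssh.com",
    "sk-ecdsa-sha2-nistp256@openssh.com",
}


def _ssh_string(data):
    return struct.pack(">I", len(data)) + data


def ed25519_blob(raw32):
    """Base64 wire-format blob for a 32-byte ed25519 public key (builds test vectors)."""
    return base64.b64encode(_ssh_string(b"ssh-ed25519") + _ssh_string(raw32)).decode()


def fingerprint(blob_b64):
    """OpenSSH-style fingerprint as `ssh-keygen -lf` prints it, or None if the blob
    is not valid base64."""
    try:
        raw = base64.b64decode(blob_b64, validate=True)
    except ValueError:
        return None
    digest = hashlib.sha256(raw).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_entry(line):
    """Parse one authorized_keys line.

    Returns None for blank and comment lines, otherwise a dict with the optional
    options field, key type, fingerprint and comment. Options such as
    command="..." or from="..." may contain spaces, so the line is tokenised
    with shell quoting rules rather than split on whitespace.
    """
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return None
    try:
        tokens = shlex.split(stripped)
    except ValueError:          # unbalanced quote somewhere in the line
        tokens = stripped.split()
    for i, tok in enumerate(tokens):
        if tok in KEY_TYPES and i + 1 < len(tokens):
            return {
                "options": " ".join(tokens[:i]),
                "type": tok,
                "fingerprint": fingerprint(tokens[i + 1]),
                "comment": " ".join(tokens[i + 2:]),
            }
    return {"options": "", "type": None, "fingerprint": None, "comment": stripped}


def audit(text, approved):
    """Return (line number, entry, reasons) for every entry that needs attention."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = []
        if entry["type"] is None:
            reasons.append("unrecognised key type or malformed line")
        elif entry["fingerprint"] is None:
            reasons.append("key blob is not valid base64")
        elif entry["fingerprint"] not in approved:
            reasons.append("fingerprint not in approved inventory")
        if "command=" in entry["options"]:
            reasons.append("forced command: " + entry["options"])
        if reasons:
            findings.append((lineno, entry, reasons))
    return findings


# Constructed test vectors: one known admin key and entries an intruder might add.
ADMIN_BLOB = ed25519_blob(bytes(range(32)))
ROGUE_BLOB = ed25519_blob(bytes(range(32, 64)))
APPROVED = {fingerprint(ADMIN_BLOB)}   # in practice: your key inventory

SAMPLE_AUTHORIZED_KEYS = f"""# admin keys managed by configuration management
ssh-ed25519 {ADMIN_BLOB} admin@mgmt

ssh-ed25519 {ROGUE_BLOB} root@localhost
from="10.20.0.5",command="/usr/sbin/auditdb -s" ssh-ed25519 {ROGUE_BLOB} backup
ssh-rsa not*valid*base64 legacy
"""

if __name__ == "__main__":
    for lineno, entry, reasons in audit(SAMPLE_AUTHORIZED_KEYS, APPROVED):
        print(f"line {lineno}: {entry['type']} {entry['fingerprint']} {entry['comment']!r}")
        for reason in reasons:
            print("   -", reason)
```

On the constructed file the admin key passes, the two rogue entries are reported (the second also for its forced command), and the unparseable RSA line is surfaced rather than silently skipped. Fingerprints are compared rather than raw blobs so the approved list can be built from `ssh-keygen -lf` output collected from key owners without copying the keys themselves.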

A Remediation Process Fraught With Risk

Cleaning up the compromise proved especially delicate. Because the attackers had embedded themselves within the very components that administrators rely on to access servers, any error in replacing PAM or OpenSSH risked locking responders out of critical systems entirely and triggering an outage. The standard precaution applies with particular force here: keep an existing privileged session or an out-of-band console open while the replacement is made, so that a broken sshd or PAM stack can still be rolled back.

The incident response team had to first verify recovery procedures in a controlled lab environment, then identify the correct clean component versions for each affected system, and only then transfer those fixes into the isolated network. After every step, the team confirmed that SSH access and standard authentication continued to function correctly. The full technical breakdown is available in Sygnia’s Operation Highland report.
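Both the detection problem described under "Backdooring the Login Mechanism Itself" and the per-step verification in the remediation above come down to the same question: does each PAM and OpenSSH component on a host match the clean build for that host's exact package version? The script below is an added example for this article, not Sygnia's tooling. It builds a hash manifest from clean copies, writes it in the layout `sha256sum -c` reads so it can cross the air gap on the same media as the replacement packages, verifies the watched files under a target root, and lists files in the PAM module directory the manifest does not know about. Paths and file contents are constructed in temporary directories so it runs offline. Two caveats a practitioner will want: `rpm -V openssh-server pam` or `debsums -c` is a quick first pass, but on a host where the intruder held root the package database and the verification tools themselves are untrusted, so hash from a clean live environment or with a binary you brought along, against a manifest taken from install media; and a clean hash says nothing about /etc/ssh/sshd_config, /etc/pam.d/* or the authorized_keys files, which need their own review.

```python
"""Verify PAM and OpenSSH components against a hash manifest captured from
known-clean media, and spot files that should not be in the PAM module directory.

Added example for this article; not tooling from Sygnia or the report. The
files and manifest are constructed in temporary directories so it runs offline.
"""
import hashlib
import os
import tempfile

# Components the report says were replaced, as paths relative to the root.
# Locations are typical for an x86_64 RPM-based host; adjust per distribution.
WATCHED = [
    "usr/lib64/security/pam_unix.so",
    "usr/sbin/sshd",
    "usr/bin/ssh",
    "usr/bin/scp",
]


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root, relpaths):
    """Hash the clean copies (extracted from verified packages of the exact
    version each affected host runs) so the manifest can travel on removable media."""
    return {rel: sha256_file(os.path.join(root, rel)) for rel in relpaths}


def to_sha256sum_format(manifest):
    """Same layout `sha256sum` emits, so `sha256sum -c` also works on the target."""
    return "".join(f"{digest}  /{rel}\n" for rel, digest in manifest.items())


def from_sha256sum_format(text):
    manifest = {}
    for line in text.splitlines():
        digest, _, path = line.partition("  ")
        if digest and path:
            manifest[path.lstrip("/")] = digest
    return manifest


def verify(root, manifest):
    """Status per manifest entry: ok, modified or missing."""
    results = {}
    for rel, expected in manifest.items():
        path = os.path.join(root, rel)
        if not os.path.isfile(path):
            results[rel] = "missing"
        elif sha256_file(path) == expected:
            results[rel] = "ok"
        else:
            results[rel] = "modified"
    return results


def unexpected_files(root, directory, manifest):
    """Files in directory that the manifest does not list (dropped modules, logs)."""
    base = os.path.join(root, directory)
    if not os.path.isdir(base):
        return []
    return sorted(
        os.path.join(directory, name)
        for name in os.listdir(base)
        if os.path.isfile(os.path.join(base, name))
        and os.path.join(directory, name) not in manifest
    )


def _write(root, rel, data):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data)


def demo():
    """Constructed scenario: sshd replaced, scp removed, an extra file in the PAM dir."""
    with tempfile.TemporaryDirectory() as clean, tempfile.TemporaryDirectory() as target:
        for rel in WATCHED:
            _write(clean, rel, b"clean " + rel.encode())
            _write(target, rel, b"clean " + rel.encode())
        _write(target, "usr/sbin/sshd", b"backdoored sshd")      # simulated tampering
        os.remove(os.path.join(target, "usr/bin/scp"))
        _write(target, "usr/lib64/security/extra.so", b"dropped file")

        # Round-trip the manifest through the text form it would travel in.
        manifest = from_sha256sum_format(to_sha256sum_format(build_manifest(clean, WATCHED)))
        return verify(target, manifest), unexpected_files(target, "usr/lib64/security", manifest)


if __name__ == "__main__":
    status, extras = demo()
    for rel, state in status.items():
        print(f"{state:9} /{rel}")
    for rel in extras:
        print(f"unlisted  /{rel}")
```

Used as a gate after each remediation step, the expected result is every watched entry reporting ok and no unlisted files; anything else means the step did not land as intended and the still-open session from the precaution above is the way back.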

A New Benchmark for Stealthy Persistence

Sygnia regards Operation Highland as a clear demonstration of how a sophisticated threat group can reside inside an infrastructure for years without deploying conspicuous malware or triggering obvious alerts. Velvet Ant did not merely compromise individual nodes. It seized control over the very process by which administrators authenticate into systems. Addressing this level of compromise demands far more than a surface cleanup. It requires a complete reassessment of trust in the foundational mechanisms of system administration.
