Velvet Ant Spent Nearly a Decade Inside an Air-Gapped Network by Backdooring Linux Logins

A China-nexus espionage group hid in one organization's network for roughly ten years by trojanizing the core authentication stack, then bridged into an isolated environment that was supposed to be unreachable.

Published June 13, 2026

Ten Years Hidden in Plain Sight

The Israeli incident-response firm Sygnia has disclosed one of the longest documented undetected intrusions on record, a China-nexus espionage campaign it calls Operation Highland and attributes to the group known as Velvet Ant. According to Sygnia, the attackers maintained persistence inside a single large organization's network for roughly a decade, with the campaign beginning in 2016 and surviving years of normal IT operations, staff turnover, and infrastructure changes without being discovered.

Duration alone makes this case extraordinary, but the method is what should unsettle every defender. Velvet Ant did not rely on a flashy exploit or a noisy malware family. It quietly compromised the part of the system every other control depends on, the authentication layer, and from there it watched everything. As Sygnia put it, "administrative activity became fully observable: every login; every command executed across compromised hosts." Once you own how a system decides who is trusted, you own the system.

Trojanizing the Authentication Stack

The technical heart of Operation Highland was the subversion of Linux's core login machinery. The attackers replaced Pluggable Authentication Module components, including the ubiquitous pam_unix.so, with backdoored versions, and they trojanized OpenSSH binaries such as ssh, sshd, and scp. Investigators ultimately catalogued nine distinct backdoored pam_unix.so variants, a detail that speaks to the patience and engineering discipline behind the operation. This was not a smash-and-grab; it was a long-term tenancy.

By corrupting PAM and SSH, the group could harvest credentials as legitimate users logged in and could grant itself access without tripping the usual alarms. To the monitoring tools that existed, the activity looked like ordinary administration because, mechanically, it passed through the same trusted code paths. This is the nightmare scenario for detection: the malicious behavior is indistinguishable from sanctioned behavior because the attacker rewrote the definition of sanctioned.

Bridging the Air Gap

Perhaps the most alarming element is how Velvet Ant reached a network segment that was supposed to be isolated. Many organizations treat air-gapping, the physical and logical separation of sensitive systems from the wider network, as a near-absolute control. Operation Highland demonstrates that the gap is only as strong as the trust relationships that quietly span it. The attackers chained Nginx and a compromised FastCGI process to achieve remote execution, then deployed a custom SOCKS5 proxy to tunnel into the air-gapped environment.

The lesson is uncomfortable but important. Air-gaps are frequently bridged by maintenance pathways, jump hosts, shared authentication, or data-transfer mechanisms that exist for legitimate operational reasons. An adversary with a decade of patience and full visibility into administrative activity will find those pathways. Treating isolation as a guarantee rather than as one layer in a defense-in-depth strategy is, as this case shows, a dangerous assumption.

Why Detection Failed for So Long

A reasonable question is how an intrusion of this scale evaded discovery for ten years. Part of the answer is that the compromise lived below the level most security tooling inspects. Endpoint detection and log analysis generally assume the underlying authentication and SSH binaries are trustworthy. When those very components are the implant, the tools are reporting on a reality the attacker controls. Integrity of the foundational binaries is rarely verified continuously, and that blind spot is exactly where Velvet Ant settled.

The other factor is organizational. Long-lived infrastructure accumulates undocumented configurations, orphaned accounts, and forgotten trust relationships that no single administrator fully understands. An attacker who has been resident for years often understands the environment better than its owners do. We have seen this pattern before with sophisticated state-aligned groups, and the defense is not a single product but a discipline of continuous verification, least privilege, and assuming compromise rather than ruling it out.

What Defenders Should Take From It

For security leaders, Operation Highland is a prompt to revisit assumptions about the parts of the stack rarely questioned. Verifying the integrity of authentication modules and SSH binaries, monitoring for unexpected changes to PAM configuration, and treating the identity layer as a crown-jewel asset are concrete steps. So is mapping, honestly and exhaustively, every pathway that crosses an air gap, because those pathways are where isolation quietly fails.
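The two controls named above, continuous integrity verification of the authentication binaries and drift monitoring of PAM configuration, can be reduced to a small baseline-and-verify routine. The following is an added illustration written for this article, not code from Sygnia or from the affected organization. It hashes a watchlist of paths (the default PAM and OpenSSH locations on common Linux distributions; the exact list is an assumption and varies by distribution, for example Debian keeps pam_unix.so under /lib/x86_64-linux-gnu/security/), parses pam.d files to record which modules each service loads, and reports any replaced file or newly referenced module. The sample tree, its stand-in file contents, and the module name pam_example_unknown.so are constructed for the demonstration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Assumed watchlist: default locations of the components trojanized in
# Operation Highland (pam_unix.so, ssh, sshd, scp) plus the PAM config
# that decides which modules sshd loads. Extend per host/distribution.
DEFAULT_WATCHLIST = [
    "lib/security/pam_unix.so",
    "usr/sbin/sshd",
    "usr/bin/ssh",
    "usr/bin/scp",
    "etc/pam.d/sshd",
    "etc/pam.d/common-auth",
]

# pam.d line: <type> <control> <module> [args]; control may be bracketed
# and contain spaces, e.g. "auth [success=1 default=ignore] pam_unix.so".
_PAM_LINE = re.compile(r"^(-?\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path, watchlist=DEFAULT_WATCHLIST) -> dict:
    """Record hash, size and permission bits of every watched file that exists."""
    baseline = {}
    for rel in watchlist:
        p = root / rel
        if p.exists():
            st = p.stat()
            baseline[rel] = {"sha256": sha256_of(p), "size": st.st_size,
                             "mode": oct(st.st_mode & 0o7777)}
    return baseline


def verify(root: Path, baseline: dict, watchlist=DEFAULT_WATCHLIST) -> dict:
    """Compare the current tree against a baseline; a modified hash on
    pam_unix.so or sshd is exactly the signal this campaign would have given."""
    findings = {"modified": [], "missing": [], "unexpected": [], "mode_changed": []}
    for rel, expected in baseline.items():
        p = root / rel
        if not p.exists():
            findings["missing"].append(rel)
            continue
        if sha256_of(p) != expected["sha256"]:
            findings["modified"].append(rel)
        if oct(p.stat().st_mode & 0o7777) != expected["mode"]:
            findings["mode_changed"].append(rel)
    for rel in watchlist:  # watched path that appeared after the baseline was taken
        if rel not in baseline and (root / rel).exists():
            findings["unexpected"].append(rel)
    return findings


def pam_modules(pam_file: Path) -> set:
    """Return the set of module names a pam.d file loads (comments and @include skipped)."""
    mods = set()
    for line in pam_file.read_text().splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("@include"):
            continue
        m = _PAM_LINE.match(line)
        if m:
            mods.add(m.group(3))
    return mods


# Constructed sample tree: short stand-in contents, not real ELF binaries.
SAMPLE_FILES = {
    "lib/security/pam_unix.so": b"stand-in pam_unix.so",
    "usr/sbin/sshd": b"stand-in sshd",
    "usr/bin/ssh": b"stand-in ssh",
    "usr/bin/scp": b"stand-in scp",
    "etc/pam.d/sshd": b"auth required pam_unix.so\n"
                      b"account required pam_unix.so\n"
                      b"session [success=1 default=ignore] pam_limits.so\n",
}


def demo() -> dict:
    """Baseline a constructed tree, simulate a replaced module and an added
    PAM line, and return what verification reports."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, data in SAMPLE_FILES.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(data)
        baseline = build_baseline(root)
        pam_before = pam_modules(root / "etc/pam.d/sshd")
        # Simulated tampering (constructed): swapped module file, extra PAM entry.
        (root / "lib/security/pam_unix.so").write_bytes(b"stand-in pam_unix.so (replaced)")
        with (root / "etc/pam.d/sshd").open("ab") as f:
            f.write(b"auth optional pam_example_unknown.so\n")
        findings = verify(root, baseline)
        findings["new_pam_modules"] = sorted(pam_modules(root / "etc/pam.d/sshd") - pam_before)
        return findings


if __name__ == "__main__":
    for category, items in demo().items():
        print(f"{category}: {items}")
```

Two operational points follow from the case itself. The baseline must live somewhere the host cannot rewrite (a read-only store or a central collector), because an attacker who already owns pam_unix.so and sshd can equally well own a manifest kept beside them. And on package-managed hosts the hash check should be cross-checked against the package database (`rpm -V` on RPM systems, `dpkg --verify` on Debian-based ones), so that a replaced binary has to defeat two independent records rather than one.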

More broadly, the case argues for humility. The most dangerous intrusions are not the loud ones that trigger incident response within hours; they are the quiet tenancies that outlast the people who could have caught them. Velvet Ant did not need a zero-day arsenal to spend a decade inside a sensitive network. It needed to compromise trust at the lowest level and wait. Defenders who internalize that will spend less time chasing exotic exploits and more time hardening the foundations attackers actually target.
