Operation Highland: Backdoor in PAM and OpenSSH Hidden for Nearly a Decade

Colleagues, a cybersecurity alert: Sygnia researchers uncovered that a China-aligned group implanted backdoors in PAM and OpenSSH and remained undetected since 2016.
- Trusted login modules were modified to accept secret passwords and to log credentials and commands; nine distinct versions were identified.
- Initial access came through internet-facing systems, which were then used as a bridge into isolated networks; no exploits appear to have been required.
- Standard responses (password resets, session termination) are ineffective when the authentication software itself is compromised.
Why this matters: monitor the integrity of authentication components and verify them against golden copies before rotating credentials.
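One way to put that advice into practice, as an added example that is not code from the post or from Sygnia's report: a POSIX shell script that builds a golden manifest of SHA-256 hashes from a known-good tree (for instance the pristine package extracted from the distribution mirror) and then checks the live PAM directory and OpenSSH binaries against it, reporting modified, missing and unexpected files. The number of findings is the return code, so a runbook can gate credential rotation on it. The directory layout and file names in the demo are constructed stand-ins, not real paths from the incident.

```shell
#!/bin/sh
# Added example (not from the post or from Sygnia): check PAM modules and
# OpenSSH binaries against a golden manifest before trusting the host enough
# to rotate credentials on it.

tab=$(printf '\t')

# Hash one file: coreutils sha256sum, or shasum on BSD/macOS.
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# build_manifest ROOT OUT
# Walk ROOT (a pristine reference tree) and write one line per file:
# "sha256<TAB>path-relative-to-ROOT". Paths are sorted so manifests diff cleanly.
build_manifest() {
    root=$1; out=$2
    : > "$out"
    find "$root" -type f | LC_ALL=C sort | while read -r f; do
        printf '%s\t%s\n' "$(hash_file "$f")" "${f#"$root"/}" >> "$out"
    done
}

# verify_manifest MANIFEST ROOT
# Print MISSING / MODIFIED entries and UNEXPECTED extra files (a dropped-in .so
# in the PAM directory is exactly what the last category catches). The return
# value is the number of findings, so 0 means the live tree matches the golden
# copy; on trees with more than 255 findings rely on the printed report.
verify_manifest() {
    manifest=$1; root=$2; problems=0
    while IFS=$tab read -r expected rel; do
        live="$root/$rel"
        if [ ! -f "$live" ]; then
            echo "MISSING    $live"; problems=$((problems + 1))
        elif [ "$(hash_file "$live")" != "$expected" ]; then
            echo "MODIFIED   $live"; problems=$((problems + 1))
        fi
    done < "$manifest"
    # Second pass: anything present on disk that the golden copy never had.
    while read -r f; do
        [ -n "$f" ] || continue
        rel=${f#"$root"/}
        if ! cut -f2 "$manifest" | grep -qxF -- "$rel"; then
            echo "UNEXPECTED $f"; problems=$((problems + 1))
        fi
    done <<EOF
$(find "$root" -type f)
EOF
    return "$problems"
}

# Demo on a constructed tree standing in for /lib/security and /usr/sbin:
# a golden copy, then a live copy with one module altered and one added.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/golden/security" "$d/live/security"
    printf 'pam_unix original bytes' > "$d/golden/security/pam_unix.so"
    printf 'sshd original bytes'     > "$d/golden/sshd"
    cp "$d/golden/security/pam_unix.so" "$d/live/security/"
    cp "$d/golden/sshd" "$d/live/"
    build_manifest "$d/golden" "$d/manifest"
    printf 'pam_unix with extra logic' > "$d/live/security/pam_unix.so"
    printf 'new module'                > "$d/live/security/pam_extra.so"
    verify_manifest "$d/manifest" "$d/live"
    echo "findings: $?"   # prints MODIFIED pam_unix.so, UNEXPECTED pam_extra.so, findings: 2
    rm -rf "$d"
}
demo
```

On a real host the golden tree should come from somewhere the compromised machine cannot influence (a package cache on a clean system, or a manifest stored outside the host), since a backdoored sshd or PAM module can tamper with anything the host itself serves as reference.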
What practices do you use to monitor PAM/OpenSSH?
#cybersecurity #Linux #infrastructure #PAM
