China-Linked Hackers Backdoored Linux Login Software to Hide for Nearly a Decade
Sygnia says Velvet Ant modified Linux PAM and OpenSSH components to steal credentials and maintain stealthy access since 2016.
More info