The Hacker News · Sunday · June 14, 2026 · FREE

China-Linked Hackers Backdoored Linux Login Software to Hide for Nearly a Decade

linux · backdoor · china · espionage · supply-chain

Security researchers have uncovered a long-running espionage campaign linked to Chinese state-sponsored hackers who backdoored Linux login software, allowing them to maintain undetected access for nearly a decade. The attackers modified the authentication mechanism, likely the SSH daemon (sshd) or a similar login service, to accept a secret backdoor password or key, bypassing normal authentication. The backdoor was designed to blend into legitimate system logs and behavior, making it extremely difficult to detect.

The campaign targeted Linux servers, which are widely used in enterprise and cloud environments. The discovery was made by analyzing compromised systems and tracing the attack infrastructure back to known Chinese threat actor groups. The hackers used custom malware and techniques to maintain persistence, including modifying system binaries and hiding processes.

The nearly decade-long duration of the operation underscores the sophistication and patience of the threat actors. The findings were published by The Hacker News, citing unnamed researchers. The attack highlights the ongoing risk of supply chain and software compromise by state-sponsored groups.

// why it matters

Linux servers are foundational to modern infrastructure; a decade-long hidden backdoor poses severe supply chain and espionage risks.

Sources

Primary · The Hacker News
▸ Read original at thehackernews.com
