Chinese hackers reportedly stayed inside an isolated network for 10 years.
Chinese cyber-espionage group Velvet Ant allegedly compromised a large organization’s authentication stack and maintained persistence for a decade. The campaign, called “Operation Highland,” began with vulnerable internet-facing systems and then pivoted into an isolated network with no direct internet path. The attackers used reverse shells, SOCKS5 proxying, and altered Nginx routing to build a remote execution path into the protected environment. The key point is not only the length of the intrusion, but the control over authentication and administrative visibility.