Sygnia researchers disclosed Operation Highland, a China-nexus espionage campaign in which the Velvet Ant threat group maintained persistent, undetected access to an air-gapped enterprise network from 2016 to 2026 by hijacking authentication infrastructure and bridging the isolation via a modified Nginx binary and GS-Netcat reverse shell. The case fundamentally challenges the security model of air-gapping as an isolation control.
Velvet Ant's ten-year persistence inside an air-gapped network is being reported as an extraordinary technical achievement. It isn't. It is a predictable consequence of substituting physical isolation for security architecture, and the organisations still treating air gaps as a primary control are making the same mistake that left a critical infrastructure network exposed for a decade.
CipherWatch Editorial
Security Intelligence Platform