Chinese State-Sponsored VerdantBamboo Actors Spent 18 Months Inside Corporate Network via MSP Attack
By Mihir Bagwe
Summary
Chinese state-sponsored threat actor VerdantBamboo conducted a multi-stage intrusion campaign, spending 18 months inside a company's network. The initial entry point was through a neighboring managed service provider (MSP). Researchers at Volexity documented how the attackers used a Linux appliance as a foothold, maintained persistent access across two interconnected networks, and even returned through a different entry point within days of being evicted from the first one.
Key quotes
The incident response started with a suspicious connection from a Linux appliance.
It ended with the discovery of a Chinese state-sponsored threat actor that had been silently present in two interconnected networks for at least a year and a half.
The threat actor came back through a different door within days of being evicted through the first one.