
China’s VerdantBamboo Experimented With Three Re-Entries and Three Malware in a Company Network
China's VerdantBamboo spent 18 months inside a company's network. The entry point was the managed service provider next door.
The incident response started with a suspicious connection from a Linux appliance. It ended with the discovery of a Chinese state-sponsored threat actor that had been silently present in two interconnected networks for at least a year and a half — and that came back through a different door within days of being evicted through the first one.
Researchers at Volexity documented a multi-stage intrusion campaign by the threat actor it tracks as VerdantBamboo, known to other vendors as WARP PANDA and UNC5221, that began with a compromised file sync appliance, expa...