Chinese cyberspies backdoor Juniper routers for stealthy access
Published on: 2025-06-21 05:00:00
Chinese hackers are deploying custom backdoors on Juniper Networks Junos OS MX routers that have reached end-of-life (EoL) and no longer receive security updates.
The backdoors are primarily variants of TinyShell, an open-source tool that facilitates data exchange and command execution on Linux systems and has been used by multiple threat groups over the years.
Mandiant discovered the attacks in mid-2024 and attributed them to a cyberespionage threat actor known as UNC3886.
"In mid 2024, Mandiant discovered threat actors deployed custom backdoors operating on Juniper Networks' Junos OS routers," explains a new report by Mandiant.
"Mandiant attributed these backdoors to the China-nexus espionage group, UNC3886. Mandiant uncovered several TINYSHELL based backdoors operating on Juniper Networks' Junos OS routers."
This threat actor is known for sophisticated attacks utilizing zero-day vulnerabilities to compromise virtualization platforms and edge n
...