Chinese cyberspies backdoor Juniper routers for stealthy access

Summary: Chinese hackers linked to the UNC3886 group have been identified deploying custom backdoors on end-of-life Juniper Networks MX routers running Junos OS. The backdoors, primarily based on the TinyShell malware, exploit vulnerabilities to facilitate unauthorized access and data exfiltration. Mandiant’s report emphasizes the need for immediate device replacement and enhanced security measures to mitigate these threats.

Affected: Juniper Networks, Junos OS MX routers

Key points:

  • UNC3886 uses six variants of TinyShell malware as backdoors on Juniper routers.
  • The backdoors' functionality includes remote shell access, packet sniffing, and evasion of detection systems.
  • Organizations are urged to replace outdated routers and enhance authentication security with IAM systems and MFA.

Source: https://www.bleepingcomputer.com/news/security/chinese-cyberspies-backdoor-juniper-routers-for-stealthy-access/