Summary: Mandiant researchers uncovered custom backdoors on deprecated Juniper Networks Junos OS routers, deployed by a Chinese cyberespionage group known as UNC3886. These backdoors allow for unauthorized access while evading security measures and were aimed at organizations within the defense, technology, and telecommunications sectors. Mandiant recommends immediate upgrades to the latest software versions to protect against these threats.
Affected: Juniper Networks Junos OS routers
Keypoints :
- Custom backdoors were found on end-of-life Juniper routers, exploiting vulnerabilities in Junos OS.
- Attackers obtained privileged access through legitimate credentials, enabling process injection techniques.
- Mandiant identified tailored malware samples and provided IOCs and YARA rules for detecting infections.
- Organizations are urged to upgrade their Juniper devices and use the Juniper Malware Removal Tool (JMRT) for safety.
Source: https://www.securityweek.com/mandiant-uncovers-custom-backdoors-on-end-of-life-juniper-routers/