Chinese Hackers Breach Juniper Networks Routers with Custom Backdoors and Rootkits


March 12, 2025Ravi LakshmananCyberspy/Vulnerability

The China-nexus cyber espionage group tracked as UNC3886 has been observed targeting end-of-life MX routers from Juniper Networks as part of a campaign designed to deploy custom backdoors, highlighting its ability to focus on internal networking infrastructure.

“The backdoors have a variety of custom features, including active and passive backdoor functions, and an embedded script that disables logging mechanisms on target devices,” Google-owned Mandiant said in a report shared with The Hacker News.

The threat intelligence firm described the development as an evolution of the adversary's tradecraft. The group has historically exploited zero-day vulnerabilities in Fortinet, Ivanti, and VMware devices to compromise networks of interest and establish persistence for remote access.

First documented in September 2022, the hacking crew is assessed to be “very proficient” and capable of targeting edge devices and virtualization technologies, with the ultimate goal of breaching defense, technology, and communications organizations in the US and Asia.

These attacks usually take advantage of the fact that such network perimeter devices lack security monitoring and detection solutions, which lets the attackers operate uninterrupted and without drawing attention.

“The compromise of routing devices is a recent trend in the tactics of espionage adversaries, who recognize the ability to gain long-term, high-level access to critical routing infrastructure, with the potential for more disruptive behavior in the future,” Mandiant said.

The latest activity, discovered in mid-2024, involves implants based on TinyShell, a C-based backdoor that has been used in the past by various Chinese hacking groups such as Liminal Panda and Velvet Ant.

Mandiant said it identified six distinct TinyShell-based backdoors, each with unique features.

  • appid, which supports file upload/download, an interactive shell, a SOCKS proxy, and configuration changes (command-and-control server, port number, network interface, etc.)
  • a second variant that is the same as appid but uses a different set of hard-coded C2 servers
  • irad, a passive backdoor that works from packets captured by a libpcap-based packet sniffer
  • lmpad, a utility and passive backdoor that launches external scripts to perform process injection into legitimate Junos OS processes, stalling logging
  • jdosd, which implements a UDP backdoor with file transfer and remote shell functions
  • oemd

Also noteworthy are the steps taken to run the malware by bypassing the Verified Exec (veriexec) protection of Junos OS, which prevents untrusted code from being executed. This is achieved by gaining privileged access to the router from a terminal server used to manage network devices, using legitimate credentials.

The elevated privileges are then used to inject malicious payloads into the memory of a legitimate cat process, leading to the execution of the lmpad backdoor while veriexec is enabled.

“The main purpose of this malware is to disable all possible logging before the operator connects to the router and performs hands-on activities, and then restore the logs after the operator disconnects,” Mandiant pointed out.
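One way a defender could look for the disable-then-restore logging pattern described above, as an added example that is not from the article or from Mandiant: it flags per-router silences in centrally collected syslog that far exceed the router's usual message cadence. The log line format, host names, and thresholds are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

# Constructed collector-side sample (timestamp, host, message); not real device output.
SAMPLE_LOG = """\
2025-03-01T02:00:00 mx-edge1 cron[880]: (root) CMD (newsyslog)
2025-03-01T02:05:00 mx-edge1 cron[880]: (root) CMD (newsyslog)
2025-03-01T02:10:00 mx-edge1 sshd[4410]: Accepted password for ops
2025-03-01T02:15:00 mx-edge1 cron[880]: (root) CMD (newsyslog)
2025-03-01T03:40:00 mx-edge1 cron[880]: (root) CMD (newsyslog)
2025-03-01T03:45:00 mx-edge1 cron[880]: (root) CMD (newsyslog)
2025-03-01T02:00:00 mx-core2 cron[871]: (root) CMD (newsyslog)
2025-03-01T02:05:00 mx-core2 cron[871]: (root) CMD (newsyslog)
2025-03-01T02:10:00 mx-core2 cron[871]: (root) CMD (newsyslog)
2025-03-01T02:15:00 mx-core2 cron[871]: (root) CMD (newsyslog)
"""

def parse(log_text):
    """Group message timestamps by host, skipping lines that do not parse."""
    by_host = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split(None, 2)
        if len(parts) < 2:
            continue
        try:
            by_host[parts[1]].append(datetime.fromisoformat(parts[0]))
        except ValueError:
            continue
    return by_host

def find_silences(log_text, factor=5.0, floor=timedelta(minutes=15)):
    """Return (host, start, end) for gaps far above that host's usual cadence."""
    findings = []
    for host, stamps in sorted(parse(log_text).items()):
        stamps.sort()  # collectors may store messages out of order
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        if len(gaps) < 3:
            continue  # too little history to know the normal cadence
        typical = median(g.total_seconds() for g in gaps)
        limit = max(floor.total_seconds(), factor * typical)  # assumed thresholds
        for a, b in zip(stamps, stamps[1:]):
            if (b - a).total_seconds() > limit:
                findings.append((host, a, b))
    return findings

if __name__ == "__main__":
    for host, start, end in find_silences(SAMPLE_LOG):
        print(f"{host}: no messages between {start} and {end} ({end - start})")
```

A flagged silence is a lead to correlate with management-plane logins from terminal servers, not proof of compromise; reboots and collector outages produce the same gap.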

Other tools deployed by UNC3886 include rootkits such as Reptile and Medusa; PITHOOK, which hijacks SSH authentication and captures SSH credentials; and GHOSTTOWN, used for anti-forensics purposes.

Organizations are advised to upgrade their Juniper devices to the latest images released by Juniper Networks, which include mitigations and updated signatures for the Juniper Malware Removal Tool (JMRT).

The development comes just over a month after Lumen Black Lotus Labs revealed that enterprise-grade Juniper Networks routers have become the target of a custom backdoor as part of a campaign called J-magic, which delivers a variant of a known backdoor named cd00r.

“The malware deployed on Juniper Networks’ Junos OS routers indicates that UNC3886 has in-depth knowledge of advanced system internals,” Mandiant researchers said.

“In addition, UNC3886 continues to tamper with log and forensic artifacts and use passive backdoors to prioritize stealth in its operations, focusing on long-term sustainability, while minimizing the risk of detection.”
