Mandiant researchers discovered custom backdoors deployed by China-linked espionage group UNC3886 on outdated Juniper Networks Junos OS routers. These TINYSHELL-based backdoors aimed for long-term persistence and stealth, targeting internal networking infrastructure and ISP routers. The backdoors imitated legitimate binaries and bypassed Junos OS security mechanisms, which could potentially lead to privileged access abuse, network authentication service compromises, and further covert operations within affected systems. The incident highlights significant vulnerabilities within critical networking devices and represents a strategic threat to the defense, technology, and telecommunications sectors.
Source: https://securityaffairs.com/175308/apt/china-linked-apt-unc3886-targets-eol-juniper-routers.html
TPRM report: https://scoringcyber.rankiteo.com/company/juniper-networks
"id": "jun000031325",
"linkid": "juniper-networks",
"type": "Breach",
"date": "3/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'Technology',
                        'name': 'Juniper Networks',
                        'type': 'Company'}],
 'attack_vector': 'Custom Backdoors',
 'description': 'Mandiant researchers discovered custom backdoors deployed by China-linked espionage group UNC3886 on outdated Juniper Networks Junos OS routers. These TINYSHELL-based backdoors aimed for long-term persistence and stealth, targeting internal networking infrastructure and ISP routers. The backdoors imitated legitimate binaries and bypassed Junos OS security mechanisms, which could potentially lead to privileged access abuse, network authentication service compromises, and further covert operations within affected systems. The incident highlights significant vulnerabilities within critical networking devices and represents a strategic threat to the defense, technology, and telecommunications sectors.',
 'impact': {'operational_impact': ['Privileged access abuse',
                                   'Network authentication service compromises',
                                   'Covert operations'],
            'systems_affected': ['Juniper Networks Junos OS routers']},
 'initial_access_broker': {'backdoors_established': 'TINYSHELL-based backdoors',
                           'entry_point': 'Outdated Juniper Networks Junos OS routers',
                           'high_value_targets': ['Internal networking infrastructure',
                                                  'ISP routers']},
 'motivation': 'Long-term persistence and stealth',
 'post_incident_analysis': {'root_causes': ['Outdated Junos OS routers']},
 'references': [{'source': 'Mandiant Research'}],
 'threat_actor': 'UNC3886',
 'title': 'UNC3886 Attack on Juniper Networks Junos OS Routers',
 'type': 'Espionage',
 'vulnerability_exploited': 'Outdated Junos OS routers'}