In mid-2024, Mandiant identified custom backdoors on outdated Juniper Networks Junos OS routers and linked them to the espionage group UNC3886. The sophisticated backdoors enabled long-term persistence and access while evading detection. The compromised routers allowed the group to maintain control over network infrastructure, presenting significant risks. UNC3886 targeted internal networking infrastructure, such as ISP routers, illustrating a shift from focusing solely on network edge devices. The attack had the potential to disrupt communications and expose sensitive data across multiple sectors, highlighting the strategic value of network devices as targets. Mandiant collaborates with Juniper Networks on the investigation and provides IoCs for threat detection.
Source: https://securityaffairs.com/175308/apt/china-linked-apt-unc3886-targets-eol-juniper-routers.html
"id": "jun506031825",
"linkid": "juniper-networks",
"type": "Vulnerability",
"date": "3/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"