Half a dozen TinyShell-based custom backdoors and other malicious payloads have been spread by Chinese cyberespionage threat group UNC3886 through the exploitation of Juniper Networks MX routers that have reached end-of-life as part of an attack campaign discovered in the middle of last year, reports The Hacker News.Aside from delivering the appid and to active backdoors, as well as the irad, lmpad, jdosd, and oemd passive backdoors that facilitate file downloads, process injections, or shell command execution, UNC3886 also targeted the outdated Juniper routers to deploy the Medusa and Reptile rootkits, as well as the PITHOOK and GHOSTTOWN tools to enable SSH credentials compromise and evade detection, respectively, according to a report from Google's Mandiant team.Such findings come after enterprise Juniper Networks routers were reported by Lumen Black Lotus Labs to have been subjected to intrusions spreading a cd00r backdoor variant as part of the J-magic attack campaign.
Threat Intelligence, Network Security, Malware, IoT
Old Juniper routers targeted by Chinese hackers to deploy various payloads
(Adobe Stock)
An In-Depth Guide to Network Security
Get essential knowledge and practical strategies to fortify your network security.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds