Chinese Cyberespionage Group Tied to Juniper MX Router Hacks
bankinfosecurity
Juniper Networks Urges Immediate Updating and Malware Scans to Block Attackers
Mathew J. Schwartz (euroinfosec) • March 12, 2025

A Chinese cyberespionage operation is targeting outdated Juniper Networks routers with a custom backdoor, further evidence of an onslaught by nation-state hackers against poorly secured edge devices.
Google's Mandiant threat intelligence group said it discovered the attack campaign in mid-2024 after finding routers running Juniper's Junos OS infected with malware by a Beijing-aligned group it tracks as UNC3886.
In a report released Wednesday in coordination with Juniper, Mandiant detailed the campaign as well as the backdoors being installed in routers. The backdoors are based on a publicly available, open-source Unix backdoor called Tiny Shell.
"The backdoors had varying custom capabilities, including active and passive backdoor functions, as well as an embedded script that disables logging ...