Chinese Hacked Exploit Juniper Networks Routers to Implant Backdoor

Cybersecurity researchers have uncovered a sophisticated cyber espionage campaign targeting critical network infrastructure, marking a significant evolution in tactics by Chinese state-sponsored hackers.

Mandiant, a leading cybersecurity firm, has discovered multiple custom backdoors deployed on Juniper Networks‘ routers, attributing the activity to a Chinese espionage group known as UNC3886.

The backdoors provided attackers with persistent access to compromised networks while actively evading detection mechanisms.

In mid-2024, Mandiant discovered threat actors had deployed custom backdoors on Juniper Networks’ Junos OS routers, which form critical components of many organizational network infrastructures.

The APT Hackers attributed these backdoors to UNC3886, a highly skilled China-nexus cyber espionage group with a history of targeting network devices and virtualization technologies, particularly within defense, technology, and telecommunication organizations across the US and Asia.

Mandiant worked with Juniper Networks to investigate the activity and determined that the affected Juniper MX routers were running end-of-life hardware and software, making ...