Mandiant Uncovers Custom Backdoors on End-of-Life Juniper Routers
securityweek
Security researchers at Mandiant have discovered a series of custom backdoors deployed on end-of-life Juniper Networks Junos OS routers by a Chinese cyberespionage group that has historically targeted network devices.
According to Mandiant documentation, the backdoors were planted on end-of-life hardware and software and included bypasses for Junos OS’s veriexec subsystem, a kernel-based file integrity protection mechanism.
Technical analysis shows that the attackers gained privileged access through legitimate credentials, entering the FreeBSD shell via the Junos OS CLI. Once inside, they employed process injection techniques to avoid triggering veriexec alerts.
“The backdoors had varying custom capabilities, including active and passive backdoor functions, as well as an embedded script that disables logging mechanisms on the target device,” Mandiant warned.
The group, tagged as UNC3886, is described as a China-nexus hacking operation that has historically targeted network devices and virtualization technologies with zero-day exploits.
The APT’s ...