Network Security

Old Juniper Routers Targeted By Chinese Hackers To Deploy Various Payloads


Chinese cyberespionage threat group UNC3886 has spread half a dozen TinyShell-based custom backdoors and other malicious payloads by exploiting Juniper Networks MX routers that have reached end-of-life, as part of an attack campaign discovered in the middle of last year, reports The Hacker News.

Google's Mandiant team reported that, aside from delivering the appid and to active backdoors, as well as the irad, lmpad, jdosd, and oemd passive backdoors that facilitate file downloads, process injections, or shell command execution, UNC3886 also targeted the outdated Juniper routers to deploy the Medusa and Reptile rootkits. The group also used the PITHOOK and GHOSTTOWN tools to enable SSH credential compromise and evade detection, respectively.

This news came after enterprise Juniper Networks routers were reported by Lumen Black Lotus Labs to have been subjected to intrusions spreading a cd00r backdoor variant as part of the J-magic attack campaign.
