Intel Name: Ghost in the router: china-nexus espionage actor unc3886 targets juniper routers
Date of Scan: March 14, 2025
Impact: Medium
Summary:
In mid-2024, researchers discovered the China-nexus espionage group UNC3886 deploying custom TINYSHELL backdoors on Juniper Networks’ Junos OS routers, including end-of-life devices. These backdoors featured capabilities like disabling logging mechanisms and enabling passive and active access. Researchers recommend updating devices and running security tools to mitigate the threat. The attack highlights UNC3886’s evolving tactics and focus on targeting network and edge devices, which often lack robust security measures.
