Mandiant Uncovers Custom Backdoors on End-of-Life Juniper Routers
Posted: Thu Mar 13, 2025 10:02 am
Security researchers at Mandiant have discovered a series of custom backdoors deployed on end-of-life Juniper Networks Junos OS routers by a Chinese cyberespionage group that has historically targeted network devices.
According to Mandiant documentation, the backdoors were planted on end‑of‑life hardware and software and included bypasses for Junos OS’s veriexec subsystem, a kernel‑based file integrity protection mechanism.
Technical analysis shows that the attackers gained privileged access through legitimate credentials, entering the FreeBSD shell via the Junos OS CLI. Once inside, they employed process injection techniques to avoid triggering veriexec alerts.
[...]