Chinese-Linked APT Group Deploys Custom Backdoors on Juniper Routers

Researchers from Mandiant have discovered that actors linked to China are deploying custom backdoors on Juniper Networks Junos OS MX routers. In 2024, Mandiant identified these backdoors based on TINYSHELL, attributing the attacks to a China-linked espionage group, UNC3886. These backdoors enable both active and passive access, along with a script for various capabilities. Technical details include the vulnerability CVE-2025-21590.