China-linked APT UNC3886 targets EoL Juniper routers

China-linked APT UNC3886 is deploying custom backdoors on outdated Juniper Networks Junos OS MX routers. The backdoors, based on the TINYSHELL malware, enable remote access, persistence, and stealth, allowing the attackers to evade detection and maintain long-term control over the compromised routers. UNC3886, known for targeting defense, technology, and telecommunications sectors, demonstrates a deep knowledge of system internals and prioritizes stealth in its operations.