Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
Description: The China-nexus cyber espionage group tracked as UNC3886 has been observed targeting end-of-life MX routers from Juniper Networks as part of a campaign designed to deploy custom backdoors, highlighting their ability to focus on internal networking infrastructure.
"The backdoors had varying custom capabilities, including active and passive backdoor functions, as well as an embedded script that
March 12th, 2025 (about 1 month ago)
|
|
Description: Written by: Lukasz Lamparski, Punsaen Boonyakarn, Shawn Chew, Frank Tse, Jakub Jozwiak, Mathew Potaczek, Logeswaran Nadarajan, Nick Harbour, Mustafa Nasser
Introduction
In mid 2024, Mandiant discovered threat actors deployed custom backdoors on Juniper Networks’ Junos OS routers. Mandiant attributed these backdoors to the China-nexus espionage group, UNC3886. Mandiant uncovered several TINYSHELL-based backdoors operating on Juniper Networks’ Junos OS routers. The backdoors had varying custom capabilities, including active and passive backdoor functions, as well as an embedded script that disables logging mechanisms on the target device.
Mandiant worked with Juniper Networks to investigate this activity and observed that the affected Juniper MX routers were running end-of-life hardware and software. Mandiant recommends that organizations upgrade their Juniper devices to the latest images released by Juniper Networks, which includes mitigations and updated signatures for the Juniper Malware Removal Tool (JMRT). Organizations should run the JMRT Quick Scan and Integrity Check after the upgrade.
Mandiant has reported on similar custom malware ecosystems in 2022 and 2023 that UNC3886 deployed on virtualization technologies and network edge devices. This blog post showcases a development in UNC3886’s tactics, techniques and procedures (TTPs), and their focus on malware and capabilities that enable them to operate on network and edge devices, which typically lack security monito...
CVSS: MEDIUM (6.7)
March 12th, 2025 (about 1 month ago)
|
|
March 12th, 2025 (about 1 month ago)
|
|
Description: We chat the lack of guardrails on China-based AI video models; how cops are using AI to summarize evidence from seized mobile phones; and the AI game that is making $50,000 a month.
March 12th, 2025 (about 1 month ago)
|
|
Description: The US Justice Department on Wednesday announced charges against members of the Chinese-backed i-Soon "secret" APT and APT27, the latter implicated in January's Treasury breach.
March 6th, 2025 (about 1 month ago)
|
|
|
Description: The U.S. Department of Justice (DoJ) has announced charges against 12 Chinese nationals for their alleged participation in a wide-ranging scheme designed to steal data and suppress free speech and dissent globally.
The individuals include two officers of the People's Republic of China's (PRC) Ministry of Public Security (MPS), eight employees of an ostensibly private PRC company, Anxun
March 6th, 2025 (about 1 month ago)
|
|
|
March 6th, 2025 (about 1 month ago)
|
|
|
Description: The nation-state threat group has been breaching providers of remote management tools, identity management providers, and other IT companies to access networks of targeted entities, according to Microsoft.
March 5th, 2025 (about 1 month ago)
|
|
|
March 5th, 2025 (about 1 month ago)
|
|
|
Description: The China-lined threat actor behind the zero-day exploitation of security flaws in Microsoft Exchange servers in January 2021 has shifted its tactics to target the information technology (IT) supply chain as a means to obtain initial access to corporate networks.
That's according to new findings from the Microsoft Threat Intelligence team, which said the Silk Typhoon (formerly Hafnium) hacking
March 5th, 2025 (about 1 month ago)
|