Google’s Threat Analysis Group (TAG) and Mandiant have uncovered a sophisticated espionage campaign linked to China-nexus threat actors, targeting vulnerable Juniper routers used in enterprise and government networks worldwide. This discovery highlights the ongoing risks posed by state-sponsored attacks against aging network infrastructure. The malicious actors homed in on end-of-life and unpatched Juniper routers, exploiting known vulnerabilities to gain a foothold in networks. Many of these devices are still in active use despite lacking security updates, making them compelling targets. After exploiting the routers, the actors behind the campaign deployed custom-built malware frameworks to maintain persistent access—tools that allowed them to spy on network traffic, exfiltrate sensitive information, and potentially move laterally into broader network environments. By compromising network edge devices like routers, rather than traditional endpoints, malefactors could avoid detection by standard security tools such as endpoint protection platforms and EDR solutions. The operation also appears intelligence-driven,…