Archived
[...]
UNC3886 deployed backdoors disguised as legitimate system processes on Juniper MX routers running outdated hardware and software. Because these routers were on end-of-life (EOL) configurations, their security protections contained vulnerabilities that made them easier targets. The malware evaded Junos OS’s Veriexec, a file integrity monitor, without disabling it: instead of switching Veriexec off, the attackers injected malicious code into legitimate processes.
[...]
UNC3886 is a well-known hacking group with a track record of targeting network devices and virtualization technologies, often using previously unknown vulnerabilities (known as zero-day exploits). The group’s main focus is on espionage against industries like defence, technology, and telecommunications, particularly in the US and Asia.
While other Chinese hacking campaigns, such as those attributed to groups like Volt Typhoon or Salt Typhoon, have made headlines, Mandiant found no direct technical connections between UNC3886’s activities and those operations. This suggests that UNC3886 is a distinct threat, operating with its own tools and strategies.