Chinese cyberespionage group deploys custom backdoors on Juniper routers

Junos OS provides administrators with a custom command-line interface (CLI) for issuing Junos-specific commands, as well as the ability to switch to the underlying FreeBSD shell and use the general FreeBSD command-line tools and programs.

The OS also implements a modified variant of the NetBSD Verified Exec (veriexec), a kernel-based file integrity verification subsystem whose goal is to protect against the execution of unauthorized binaries. As such, deploying and running any malware implant requires bypassing this feature or disabling it entirely, which could raise alerts.

UNC3886 developed a sophisticated process injection technique to bypass veriexec: it created a hung process using the built-in and legitimate cat utility, wrote a malicious shellcode loader to specific memory locations assigned to the cat process, and then tricked the process into executing that code. Because the malicious code ran inside a trusted process, veriexec was bypassed.
