Network administrators using routers from Juniper Networks are being urged to scan for possible compromise after the discovery that an unknown threat actor has been installing a backdoor in customer routers since at least 2023.
The bad news: According to researchers at Lumen Technology’s Black Lotus Labs, the unknown attacker can install a reverse shell on the local file system so they can control the router, steal data, or deploy more malware.
Even more bad news: In a commentary, SANS Institute instructor Moses Frost noted that “Juniper is installed in many internet service providers’ backbones, and so having a backdoor on these systems can be a major problem.”