Hackers are after your router and other network devices, Eclypsium warns


Eclypsium, a supply chain security firm, has seen a sharp spike in attacks against network infrastructure. Juniper routers are at the center of the two major campaigns in 2025.

“Our network device threats timeline shows that the volume of attacks against network infrastructure has risen dramatically over the past two decades, with a sharp spike from 2020-2024,” the security firm warns.

Attackers have found that this vector often pays off because network devices are monitored and secured less rigorously than end-user computers, devices, and workstations. Meanwhile, network equipment often contains numerous vulnerabilities, public exploits, and other risk factors, making it an appealing target.

Eclypsium emphasizes that backdoored Juniper networking devices are at the center of the recent attacks.

The first campaign, revealed in January 2025 and dubbed J-Magic, involved attackers dropping a backdoor onto carrier-grade Juniper routers.

The second campaign was reported on March 11th, 2025. It involved a backdoor based on Tiny Shell, a popular open-source UNIX backdoor. Hackers targeted carrier-grade MX-series Juniper routers.

Attackers have been customizing backdoors to remain stealthy. The Tiny Shell malware involved at least six different variants.

“That lack of security monitoring and detection, along with the sheer ubiquity of a few global network infrastructure providers, including Juniper, plays a role in the increasing number of attacks targeting this gear,” Eclypsium researchers said.

Over half of the top routinely exploited vulnerabilities in 2024 directly or peripherally affect network infrastructure.

In 2024, state-sponsored threat actors specifically targeted telecoms and other critical communications infrastructure. US officials blamed Chinese-affiliated hackers for infiltrating the nation’s commercial telecommunications infrastructure.