Chinese cyberespionage group deploys custom backdoors on Juniper routers

Junos OS gives administrators a custom command-line interface (CLI) for issuing Junos-specific commands, along with the ability to switch to the underlying FreeBSD shell and use the general FreeBSD command-line tools and programs.
The OS also implements a modified variant of the NetBSD Verified Exec (veriexec), a kernel-based file integrity verification subsystem whose goal is to protect against the execution of unauthorized binaries. As such, deploying and running any malware implant requires a bypass of this feature or disabling it entirely, which could raise alerts.
UNC3886 developed a complex process injection technique to bypass veriexec: it created a hung process using the built-in and legitimate cat utility, wrote a malicious shellcode loader to specific memory locations assigned to the cat process, and then tricked the process into executing that code. Since the malicious code execution happened through a trusted process, veriexec was bypassed.
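Because the technique described above depends on a cat process that stays alive far longer than a normal file read, one hunting lead is to flag long-lived cat processes in a saved process listing. The following is an added example, not code from the article or from any vendor. It assumes the listing was collected with FreeBSD `ps -axo pid,ppid,etime,command`; the sample rows and the one-hour threshold are constructed for illustration.

```python
import re

# Constructed sample of `ps -axo pid,ppid,etime,command` output (not real device data).
SAMPLE_PS = """\
  PID  PPID     ELAPSED COMMAND
    1     0 41-03:12:55 /sbin/init --
 2210     1 41-03:10:02 /usr/sbin/mgd -N
 9121  9100       00:03 cat /var/log/messages
 9344  9300  2-04:17:09 cat
 9511  9500    06:45:30 /bin/cat /tmp/fifo
"""

# ps prints elapsed time as [[dd-]hh:]mm:ss
ETIME_RE = re.compile(r"^(?:(?:(\d+)-)?(\d+):)?(\d+):(\d+)$")


def etime_to_seconds(etime):
    """Convert a ps elapsed-time field ([[dd-]hh:]mm:ss) to seconds."""
    m = ETIME_RE.match(etime)
    if not m:
        raise ValueError(f"unrecognized etime value: {etime!r}")
    days, hours, minutes, seconds = (int(g or 0) for g in m.groups())
    return ((days * 24 + hours) * 60 + minutes) * 60 + seconds


def find_long_lived_cat(ps_output, min_age_seconds=3600):
    """Return (pid, ppid, age_seconds, command) for cat processes older than the threshold.

    The threshold is an assumed starting point: cat normally exits as soon as
    its input is exhausted, so an instance that has been alive for hours is
    worth a closer look (parent process, open files, memory maps).
    """
    hits = []
    for line in ps_output.splitlines()[1:]:       # skip the header row
        fields = line.split(None, 3)              # command may contain spaces
        if len(fields) < 4:
            continue
        pid, ppid, etime, command = fields
        argv0 = command.split()[0]
        if argv0.rsplit("/", 1)[-1] != "cat":     # match cat and /bin/cat alike
            continue
        age = etime_to_seconds(etime)
        if age >= min_age_seconds:
            hits.append((int(pid), int(ppid), age, command))
    return hits


if __name__ == "__main__":
    for pid, ppid, age, command in find_long_lived_cat(SAMPLE_PS):
        print(f"review pid={pid} ppid={ppid} age={age}s cmd={command!r}")
```

A hit is only a lead for further review, since an administrator can legitimately leave cat blocked on a pipe or terminal.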