Cyber Resilience

Campaign · all campaigns

RedPenguinC0056 state

🇨🇳 CN

aka RedPenguin

Run by UNC3886

Last updated: 2026-07-03

1attributed CVEs
32ATT&CK techniques
4.3IDF score (tooling uniqueness)
1exclusive CVEs
2025years active

About this actor

The [RedPenguin](https://attack.mitre.org/campaigns/C0056) project was launched by Juniper in July 2024 to investigate reported malware infections of Juniper MX Series routers. [RedPenguin](https://attack.mitre.org/campaigns/C0056) activity was separately attributed to [UNC3886](https://attack.mitre.org/groups/G1048) and included the deployment of multiple custom versions of the publicly-available TINYSHELL backdoor on Juniper routers.(Citation: Juniper RedPenguin MAR 2025)(Citation: Mandiant UNC3886 Juniper Routers MAR 2025)

Source: MITRE ATT&CK

Activity timeline

Profile

CVERiskCVSSEPSSPublishedProducts
CVE-2025-21590 KEV10.04.40.02742025-03-12see CVE

Mitigating controls (NIST 800-53)

ControlTechniques coveredCoverage
SI-422 / 3269%
CM-621 / 3266%
SI-320 / 3262%
CM-218 / 3256%
CA-717 / 3253%
CM-716 / 3250%
AC-315 / 3247%
SC-713 / 3241%
AC-411 / 3234%
AC-611 / 3234%
SI-711 / 3234%
AC-210 / 3231%
SI-108 / 3225%
AC-56 / 3219%
AC-175 / 3216%

Co-occurring actors

None.

Similar actors

Same nation-state