Cyber Resilience

RedPenguin (C0056)

Auto-surfaced MITRE campaign. This page renders directly from MITRE ATT&CK data; no curated narrative or verified victim list. See /incidents.html for the curated landmark layer.

Active: 2025-2025 · Run by: UNC3886 · 1 attributed CVE(s) · 32 technique(s).

MITRE description

The [RedPenguin](https://attack.mitre.org/campaigns/C0056) project was launched by Juniper in July 2024 to investigate reported malware infections of Juniper MX Series routers. [RedPenguin](https://attack.mitre.org/campaigns/C0056) activity was separately attributed to [UNC3886](https://attack.mitre.org/groups/G1048) and included the deployment of multiple custom versions of the publicly-available TINYSHELL backdoor on Juniper routers.(Citation: Juniper RedPenguin MAR 2025)(Citation: Mandiant UNC3886 Juniper Routers MAR 2025)

« All landmark incidents  ·  All MITRE campaigns  ·  All actors