The Juniper attack was done by inserting malicious code in the operating system of Juniper NetScreen VPN routers. This unauthorized code enabled remote administrative access, and allowed passive decryption of VPN traffic. The first vulnerability was done by implanting back door in the SSH password checker and the second one happened by compromising a pseudorandom number generator.
N/A
It appears attackers had access to a the source code hosting infrastructure, but not to developer keys.