2025-01-30 19:08:30 Pacfic
Juniper Routers Targeted by J-Magic Malware - 5d
A sophisticated cyberattack campaign, dubbed "J-Magic," has been targeting enterprise-grade Juniper routers since mid-2023, with activity observed until at least mid-2024. This stealthy operation uses custom-crafted "magic packets" to trigger a variant of the cd00r backdoor. Once activated, the malware establishes a reverse shell, granting attackers full access to the compromised devices. This allows for data exfiltration, device control, and the deployment of further malicious payloads. The malware operates by passively monitoring network traffic for specific TCP packets, designed to trigger the backdoor. This technique enables the threat actors to gain a strong foothold in enterprise networks by using routers that often serve as VPN gateways.
The "J-Magic" malware primarily focuses on routers within the semiconductor, energy, manufacturing, and IT sectors, particularly in Europe and South America. The malware is installed into the device's memory which scans for five network signals, and when it receives these, it triggers a reverse shell creation on the local file system. This allows for complete device takeover. The malware uses a unique RSA-based challenge-response mechanism to prevent unauthorized access, and while it shares some similarities with the "SeaSpy" malware family, the challenge implementation signifies a step up in operational security. The campaign appears to be targeting Junos OS, commonly used in enterprise-grade networking equipment and it has been noted that many of the compromised routers were acting as VPN gateways, which allows for lateral movement within the network.
ImgSrc: img.helpnetsecurity.com
References:
- SCM feed for Risk Assessments/Management - Malware campaign targeting enterprise Juniper routers. - 5d
- blog.lumen.com - Black Lotus Labs : The Black Lotus Labs team reports on a backdoor attack tailored for use against enterprise-grade Juniper routers in a campaign dubbed "J-magic". This backdoor is opened by a passive - 5d
- cyberpress.org - Juniper Routers Magic Packet Vulnerability Exploited to Deliver Custom Backdoor - 5d
- www.bleepingcomputer.com - A malicious campaign has been specifically targeting Juniper edge devices, many acting as VPN gateways, with malware dubbed J-magic that starts a reverse shell only if it detects a "magic packet" in t - 5d
- www.helpnetsecurity.com - A stealthy attack campaign turned Juniper enterprise-grade routers into entry points to corporate networks via the “J-magic� backdoor, which is loaded into the devices’ memory and - 5d
- gbhackers.com - Juniper routers exploited via Magic Packet vulnerability to deploy custom backdoor - 5d
- @screaminggoat - Black Lotus Labs : The Black Lotus Labs team reports on a backdoor attack tailored for use against enterprise-grade Juniper routers in a campaign dubbed 'J-magic'. - 5d
- Cyber Security News - Juniper Routers Magic Packet Vulnerability Exploited to Deliver Custom Backdoor - 5d
- GBHackers Security | #1 Globally Trusted Cyber Security News Platform - Juniper Routers Exploited via Magic Packet Vulnerability to Deploy Custom Backdoor - 5d
- ciso2ciso.com - Someone is slipping a hidden backdoor into Juniper routers across the globe, activated by a magic packet – Source: go.theregister.com - 5d
- @theregister - Unknown attackers have been secretly inserting backdoors into Juniper routers in key sectors since mid-2023, potentially compromising a large number of critical devices. - 5d
- @jos1264 - Someone is slipping a hidden backdoor into Juniper routers across the globe, activated by a magic packet – Source: go.theregister.com - 5d
- CISO2CISO.COM & CYBER SECURITY GROUP - Someone is slipping a hidden backdoor into Juniper routers across the globe, activated by a magic packet – Source: go.theregister.com - 5d
- @arstechnica - Backdoor infecting VPNs used “magic packets� for stealth and security J-Magic backdoor infected organizations in a wide array of industries. - 4d
- Ars OpenForum - Backdoor infecting VPNs used “magic packets� for stealth and security - 4d
- ciso2ciso.com - J-Magic malware campaign targets Juniper routers, using a passive agent to monitor network traffic for predefined "magic packets" to exploit. - 4d
- @jos1264 - J-magic malware campaign targets Juniper routers - 4d
- go.theregister.com - Someone is slipping a hidden backdoor into Juniper routers across the globe, activated by a magic packet Who could be so interested in chips, manufacturing, and more, in the US, UK, Europe, Russia... - 4d
- @AAKL - Additional information about the Juniper router attack. - 4d
- @jos1264 - J-magic malware campaign targets Juniper routers – Source: securityaffairs.com - 4d
- The Hacker News - Custom Backdoor Exploiting Magic Packet Vulnerability in Juniper Routers - 4d
- Help Net Security - Juniper enterprise routers backdoored via "magic packet" malware - 4d
- Security Archives - Security Affairs - Threat actors are targeting Juniper routers with a custom backdoor in a campaign called "J-magic." Attackers exploit a "Magic Packet" flaw to deliver the malware. - 4d
- Threats | CyberScoop - Researchers at Black Lotus Labs have uncovered an operation where a back door is dropped onto enterprise-grade Juniper Networks routers and listens for specific network signals, known as “magic - 4d
- @BleepingComputer - A malicious campaign has been specifically targeting Juniper edge devices, many acting as VPN gateways, with malware dubbed J-magic that starts a reverse shell only if it detects a "magic packet" in t - 4d
- AboutDFIR ? The Definitive Compendium Project - Someone is slipping a hidden backdoor into Juniper routers across the globe, activated by a magic packet - 2d
- The Register - Security: CSO - Initial report on the backdoor campaign - 2d
- aboutdfir.com - Someone is slipping a hidden backdoor into Juniper routers across the globe, activated by a magic packet Someone has been quietly backdooring selected Juniper routers around the world in key sectors i - 2d
Classification:
- HashTags: Juniper Backdoor MagicPacket
- Company: Juniper
- Target: Juniper Routers
- Product: Juniper Routers
- Feature: Backdoor
- Type: Malware
- Severity: Major