Summary: A malicious campaign is targeting Juniper edge devices, particularly VPN gateways, with malware called J-magic that opens a reverse shell only after it observes a specific "magic packet." The campaign, active since mid-2023, primarily affects organizations in the semiconductor, energy, manufacturing, and IT sectors. J-magic gates the shell behind a challenge-response check, so a third party who learns the trigger packet still cannot use the backdoor, which makes the compromised devices hard for other threat actors to hijack.
Threat Actor: Unknown | unknown
Victim: Various organizations | Juniper Networks
Key points:
- J-magic is a custom variant of the cd00r backdoor, designed for stealth and long-term access.
- The malware uses an eBPF filter to monitor TCP traffic for the specific “magic packet” sent by the attacker.
- Before spawning the shell, J-magic runs a challenge-response check based on RSA encryption, so only a sender holding the matching private key can turn the trigger into access; anyone else who replays the magic packet is refused.
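The following is an added, constructed model of the access gate described in the last two key points; it is not J-magic's code, and the trigger marker, the toy RSA key, the challenge size and the wire format are all assumptions (the page does not give the real magic-packet fields or key). It shows the two sides of the exchange: the passive listener stays silent until a packet matches the trigger, then issues an RSA-encrypted random challenge; only the operator who holds the private key can return the plaintext, and a replayed trigger without that key never reaches the shell.

```python
"""Toy model of a magic-packet backdoor gated by an RSA challenge-response.

Constructed example. Textbook RSA with two Mersenne primes is used so the
block runs with the standard library only; a real implant would embed a
properly generated key with padding. The trigger marker b"MAGIC" is an
assumption, not J-magic's real packet signature.
"""
import secrets

# Toy RSA keypair (constructed; NOT a real-world key). N is ~2^92, so any
# 64-bit challenge is a valid RSA message block.
P = 2**31 - 1          # Mersenne prime
Q = 2**61 - 1          # Mersenne prime
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent; held only by the operator


class Implant:
    """Stands in for the passive listener on the device: it ignores all traffic
    until a TCP payload satisfies the trigger condition, then challenges the
    sender. The public key is baked into the implant; the private key is not."""

    def __init__(self, public_key=(N, E), trigger=b"MAGIC", rng=secrets.randbits):
        self.n, self.e = public_key
        self.trigger = trigger   # assumed marker; real trigger fields are not on the page
        self.rng = rng           # injectable for deterministic testing
        self.pending = None      # outstanding challenge plaintext, if any

    def is_magic(self, tcp_payload: bytes) -> bool:
        """Trigger test, standing in for the eBPF filter's match condition."""
        return tcp_payload.startswith(self.trigger)

    def on_packet(self, tcp_payload: bytes):
        """Return None for ordinary traffic, or the encrypted challenge to send
        back to the sender when the packet matches the trigger."""
        if not self.is_magic(tcp_payload):
            return None
        self.pending = self.rng(64)                 # fresh random challenge
        return pow(self.pending, self.e, self.n)    # c = m^e mod n, sent on the wire

    def on_response(self, plaintext: int) -> bool:
        """True means the sender proved possession of the private key and the
        reverse shell would be spawned (shell itself not modelled)."""
        ok = self.pending is not None and plaintext == self.pending
        self.pending = None                         # one attempt per challenge
        return ok


def operator_answer(ciphertext: int, private_key=(N, D)) -> int:
    """Operator side: recover m = c^d mod n with the private key."""
    n, d = private_key
    return pow(ciphertext, d, n)


def run_exchange(implant: Implant, payload: bytes, answer) -> bool:
    """Drive one full trigger -> challenge -> response round and report whether
    the gate opened. `answer` maps the ciphertext to the sender's reply."""
    challenge = implant.on_packet(payload)
    if challenge is None:
        return False                                # no trigger, implant stays silent
    return implant.on_response(answer(challenge))


if __name__ == "__main__":
    imp = Implant()
    print("benign traffic opens shell:", run_exchange(imp, b"GET / HTTP/1.1", operator_answer))
    print("operator with private key:", run_exchange(imp, b"MAGIC", operator_answer))
    # An imposter who captured the magic packet can only echo or guess.
    print("imposter echoing ciphertext:", run_exchange(imp, b"MAGIC", lambda c: c))
```

The point a defender should take from the model: observing the magic packet on the wire tells you a device is backdoored, but it does not let you (or a rival intruder) drive it, because the gate is the private key, not the trigger. Detection therefore has to key on the trigger traffic and the outbound reverse-shell connection rather than on replaying the packet.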