Backdoor infecting VPNs used "magic packets" for stealth and security
Briefly

Researchers recently discovered a novel backdoor named J-Magic infiltrating enterprise VPN gateways running Juniper Networks' Junos OS. The malware lies dormant until it receives a "magic packet", then challenges the initiating device to prove itself through an encrypted exchange before granting access. Because it resides solely in memory, J-Magic's design complicates detection by cybersecurity defenses. It has impacted 36 organizations, but the method of installation remains unclear. The distinctive combination of techniques employed marks it as a significant threat demanding further observation.
While this is not the first discovery of magic packet malware, there have only been a handful of campaigns in recent years.
The combination of targeting Junos OS routers that serve as a VPN gateway and deploying a passive-listening, in-memory-only agent makes this an interesting confluence of tradecraft.
J-Magic, the tracking name for the backdoor, goes one step further to prevent unauthorized access after receiving a magic packet hidden in the normal flow of TCP traffic.
Read at Ars Technica