Mysterious backdoor found on select Juniper routers
Briefly

Since mid-2023, select Juniper routers in critical sectors have been backdoored with a stealthy variant of the publicly available cd00r backdoor. This malware, named J-Magic, obtains command-line access through specific network packets and operates solely in memory. The backdoor's potential for remote control over networking devices, especially VPN gateways, raises significant security concerns. Black Lotus Labs first detected J-Magic on VirusTotal, highlighting the growing sophistication of cyber threats targeting essential infrastructure.
The malware, dubbed J-Magic, establishes a reverse shell on the local file system, allowing operators to control devices and deploy malicious software.
Black Lotus Labs noted the significant targeting of Junos OS routers, particularly those configured as VPN gateways, showcasing advanced tradecraft in cyberattacks.
Read at The Register