Custom Backdoor Exploiting Magic Packet Vulnerability in Juniper Routers
Jan 23, 2025
Malware / Enterprise Security
Enterprise-grade Juniper Networks routers have become the target of a custom backdoor as part of a campaign dubbed J-magic . According to the Black Lotus Labs team at Lumen Technologies, the activity is so named for the fact that the backdoor continuously monitors for a "magic packet" sent by the threat actor in TCP traffic. "J-magic campaign marks the rare occasion of malware designed specifically for JunoOS, which serves a similar market but relies on a different operating system, a variant of FreeBSD," the company said in a report shared with The Hacker News. Evidence gathered by the company shows that the earliest sample of the backdoor dates back to September 2023, with the activity ongoing between mid-2023 and mid-2024. Semiconductor, energy, manufacturing, and information technology (IT) sectors were the most targeted. Infections have been reported across Europe, Asia, and South America, including Argentine, Armenia, Brazil, Chile, Colombia, Indonesi...