Malware Campaign Targets Juniper VPN Gateways
/ 1 min read
🪄 New malware campaign targets Juniper edge devices with stealthy tactics. A malicious campaign has emerged, focusing on Juniper edge devices, particularly those functioning as VPN gateways, utilizing malware known as J-magic. This malware activates a reverse shell only upon detecting a specific “magic packet” in network traffic, allowing attackers to maintain long-term access while evading detection. Active since mid-2023, J-magic is a custom variant of the cd00r backdoor, designed to monitor TCP traffic and respond to five specific conditions. Researchers from Black Lotus Labs note that the campaign primarily targets sectors like semiconductor, energy, and IT, highlighting a growing trend of using such stealthy malware to compromise enterprise-grade routers.
