The J-Magic Show: Magic Packets and Where to find them

Published 23/01/2025 21:03 · Modified 24/01/2025 08:23

Essential information

Published
23/01/2025 21:03
Modified
24/01/2025 08:23
Tags
2025-01-23 cd00r j-magic juniper routers
Related entities
4 observables, 20 techniques (mitre), 3 malware, 17 others

Description

Black Lotus Labs has been tracking a backdoor attack targeting enterprise-grade Juniper routers. Dubbed J-Magic, this campaign uses a passive agent that monitors for 'magic packets' in TCP traffic. Once activated, it establishes a reverse shell for device control and data theft. The campaign, active from mid-2023 to mid-2024, targeted semiconductors, energy, manufacturing, and IT sectors. The malware, a variant of cd00r, presents detection challenges and exploits routers' long uptime. Approximately 50% of targeted devices were configured as VPN gateways, potentially allowing access to organizations' networks. The campaign's use of open-source malware and specific targeting of JunoOS-based systems makes it a noteworthy threat to enterprise networks.

External references