Enterprise Juniper routers subjected to malware campaign

CyberScoop reports that enterprise Juniper Networks routers were hit with malware that listens for magic packets for a year beginning in mid-2023 as part of the J-Magic attack campaign, which has been aimed at organizations in the manufacturing, semiconductor, IT, and energy sectors, primarily in Europe and South America.

Installation of the malware on targeted routers facilitates the deployment of a cd00r variant that scans for five network signals which, when received, trigger reverse shell creation on the local file system, enabling device takeover, data exfiltration, and additional malware compromise, according to an investigation by Black Lotus Labs researchers. The campaign, which resembles previous SeaSpy intrusions, suggests increasingly prevalent targeting of network infrastructure appliances with less potent defenses. “Routers on the edge of the corporate network or serving as the VPN gateway, as many did in this campaign, are the richest targets. This placement represents a crossroads, opening avenues to the rest of a corporate network,” wrote researchers.
