Malware

Enterprise Juniper Routers Subjected to Malware Campaign


CyberScoop reports that enterprise Juniper Networks routers have been targeted in intrusions involving magic packet-listening malware beginning in mid-2023 as part of the J-Magic attack campaign, which is aimed at organizations in the manufacturing, semiconductor, IT, and energy sectors in Europe and South America.

Black Lotus Labs said installation of the malware on targeted routers facilitates the deployment of a cd00r variant that scans for five network signals, which, when received, trigger reverse shell creation on the local file system, enabling device takeover, data exfiltration, and additional malware compromise.

Such an attack campaign, which resembles previous SeaSpy intrusions, suggests increasingly prevalent targeting of network infrastructure appliances with less potent defenses.

"Routers on the edge of the corporate network or serving as the VPN gateway, as many did in this campaign, are the richest targets," wrote the researchers. "This placement represents a crossroads, opening avenues to the rest of a corporate network."
