
Malware Infection of Juniper-Brand Routers at the Edge of High-Value Networks

Dozens of organizations have been infected with router malware that utilizes a packet-sniffing technique to minimize its footprint.

The Campaign: "J-magic"

The campaign, which Black Lotus Labs named "J-magic," targets Juniper-brand routers at the edge of high-value networks rather than their more widely reported Cisco counterparts. Exposed enterprise routers are compromised with a variant of the quarter-century-old "cd00r" backdoor, which stays dormant until it sees an activation phrase, a "magic packet," in the traffic it is passively sniffing. Only then does it open a reverse shell, from which the attackers can steal data, manipulate configurations, and move on to more devices. Because the implant sniffs rather than binds a listening port of its own, a port scan of the router shows nothing unusual; the trigger has to be caught in the traffic, or the implant found on the box.
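As an added example (not code from the article or from Black Lotus Labs), the following Python sketches the network-side check that the cd00r design implies. Because the implant sniffs rather than listens, a port scan of the router shows nothing; what the compromise does produce once triggered is a reverse shell, an outbound session that the router itself initiates. The script reads a constructed, simplified flow-record format (one record per session, source is the side that sent the first packet) and reports every session an edge router opened to a peer or port outside an assumed baseline. The router address 203.0.113.1, the 10.0.0.0/24 management network, the sample records, and the allowed-service list are all assumptions made for the illustration.

```python
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample flow records, not real telemetry. One line per session;
# src is the side that sent the first packet (session logs, IPFIX biflows).
SAMPLE_FLOWS = """\
# src_ip        src_port  dst_ip          dst_port  proto
203.0.113.1     49811     10.0.0.5        514       udp
203.0.113.1     39002     10.0.0.6        123       udp
10.0.1.20       51523     198.51.100.9    443       tcp
10.0.0.10       52000     203.0.113.1     22        tcp
203.0.113.1     45120     198.51.100.77   443       tcp
203.0.113.1     45121     10.0.0.7        49152     tcp
"""

EDGE_ROUTERS = {"203.0.113.1"}  # assumption: the edge routers in scope

# Assumed baseline of sessions an edge router legitimately opens by itself:
# (destination network, protocol, destination port). Anything else the
# router initiates is unexpected and gets reported.
ALLOWED_PEERS = [
    (ip_network("10.0.0.0/24"), "udp", 514),  # syslog to the collector
    (ip_network("10.0.0.0/24"), "udp", 123),  # NTP
    (ip_network("10.0.0.0/24"), "tcp", 49),   # TACACS+
    (ip_network("10.0.0.0/24"), "udp", 162),  # SNMP traps
]


@dataclass(frozen=True)
class Flow:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str


def parse_flow_lines(text: str) -> list[Flow]:
    """Parse the constructed five-column flow format shown in SAMPLE_FLOWS."""
    flows: list[Flow] = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, sport, dst, dport, proto = line.split()
        # Validate both addresses so a garbled export fails loudly, not silently.
        for addr in (src, dst):
            ip_address(addr)
        flows.append(Flow(src, int(sport), dst, int(dport), proto.lower()))
    return flows


def is_allowed(flow: Flow, allowed) -> bool:
    """True if the flow's destination/protocol/port is in the router baseline."""
    dst = ip_address(flow.dst)
    return any(
        dst in net and flow.proto == proto and flow.dport == port
        for net, proto, port in allowed
    )


def router_initiated_alerts(flows, routers, allowed) -> list[Flow]:
    """Flows that an edge router initiated to a peer or port outside the baseline.

    A reverse shell spawned by a magic-packet backdoor lands exactly here: the
    router, not an operator, opens the session. Sessions the router merely
    answers (admin SSH to it, transit traffic through it) are not its own.
    """
    return [f for f in flows if f.src in routers and not is_allowed(f, allowed)]


if __name__ == "__main__":
    flows = parse_flow_lines(SAMPLE_FLOWS)
    for f in router_initiated_alerts(flows, EDGE_ROUTERS, ALLOWED_PEERS):
        print(f"ALERT edge router {f.src} opened {f.proto}/{f.dport} "
              f"to {f.dst} (source port {f.sport})")
```

Two caveats on using this against real data. NetFlow v5/v9 exports are unidirectional, so pair the two directions first (or use IPFIX biflows or firewall session logs) to know which side initiated; otherwise the router's replies to legitimate inbound SSH would be reported as router-initiated. And this catches the implant only after it has been triggered: finding it while dormant means looking on the device itself for an unexpected process holding a raw or sniffing socket, a forensics and change-control task rather than a scan.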

The Threat and Its Implications

"There's been a lot of emphasis on 'packet storm,'" a security threat that has been gaining attention in recent times. The infection of Juniper-brand routers, however, shows that malware on edge devices remains an ongoing threat in its own right.

The Attackers' Tactics

The use of an old, almost atavistic, piece of malware like "cd00r" in 2025 speaks to just how much attackers can get away with on edge devices. According to Black Lotus Labs researcher Danny Adamitis, "On your corporate laptop, you probably have Windows Defender and something from your favorite EDR vendor. There tend to be a lot of vendors for end-user workstations, but edge devices don't really seem to have anything on them. So by living in those blind spots, attackers are able to get away with using this 20-year-old malware, because there's no one and nothing on that particular device to actually capture that sort of user interaction."

The Need for Increased Awareness and Security Measures

"The reporting around these kinds of enterprise-grade routers tends to be a lot more sparse," Adamitis says. "What we're trying to say is: We think there might be this low-visibility spot in the perimeter." Organizations should treat their edge routers as part of the monitored attack surface: know which ones are exposed, keep management interfaces off the internet, and watch the traffic the routers themselves originate, since an on-box security agent is rarely an option.


The lesson of J-magic is that edge routers sit in a monitoring blind spot: an implant that neither listens on a port nor touches the device until triggered will not be caught by endpoint tooling that does not run there. Knowing the tactic, a dormant sniffer that wakes on a magic packet and then opens a reverse shell, tells defenders where to look: at the sessions routers initiate and at the processes running on the devices themselves.
