Actors
Naming registry
Threats
Is my stack targeted?
Campaigns
Track campaigns
Compare
Attribution by source
Search
Full text search
high_confidence

J-magic Campaign

The [J-magic Campaign](https://attack.mitre.org/campaigns/C0050) was active from mid-2023 to at least mid-2024 and featured the use of the [J-magic](https://attack.mitre.org/software/S1203) backdoor, a custom cd00r variant tailored for use against Juniper routers. The [J-magic Campaign](https://attack.mitre.org/campaigns/C0050) targeted Junos OS routers serving as VPN gateways primarily in the semiconductor, energy, manufacturing, and IT sectors. (Citation: Lumen J-Magic JAN 2025)

Start date
1 June 2023
End date
1 June 2024
Techniques
4

Attributed actors

Volt Typhoon· primary

Techniques (4)

resource-development3
T1587.003Digital Certificates
T1588.001Malware
T1583.003Virtual Private Server
stealth1
T1036.005Match Legitimate Resource Name or Location

Indicators of compromise

No IOCs linked to this campaign yet.