Close Menu
  • Home
  • News
  • Cyber Security
  • Internet of Things
  • Tips and Advice

Subscribe to Updates

Get the latest creative news from FooBar about art, design and business.

What's Hot

China-Linked APT Expands Proxy Network With New Malware

July 8, 2026

SharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exploitation

July 8, 2026

RedWing Android Spyware Sold as a Service on Telegram

July 8, 2026
Facebook X (Twitter) Instagram
Thursday, July 9
Facebook X (Twitter) Instagram Pinterest Vimeo
Cyberwire Daily
  • Home
  • News
  • Cyber Security
  • Internet of Things
  • Tips and Advice
Cyberwire Daily
Home»News»China-Linked APT Expands Proxy Network With New Malware
News

China-Linked APT Expands Proxy Network With New Malware

Team-CWDBy Team-CWDJuly 8, 2026No Comments2 Mins Read
Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
Share
Facebook Twitter LinkedIn Pinterest Email


A China-linked hacking group has been observed expanding a network of hijacked devices used to disguise cyber-attacks, arming it with several newly discovered pieces of custom malware, researchers have found.

Cisco Talos said the actor, an advanced persistent threat (APT) group it tracks as UAT-7810, built what are known as Operational Relay Box (ORB) networks, meshes of compromised routers and other devices that other hackers rent to route their traffic through and hide their origin.

Talos assessed with high confidence that UAT-7810 is a China-nexus group.

A Relay Network for Other Hackers

The company said UAT-7810 maintained a long-running ORB network known as LapDogs, first exposed in 2025, and that its role was essentially to build infrastructure for others.

Once it had quietly taken over enough devices, separate China-nexus APT groups could use that relay network to mask their own espionage against high-value targets.

To grow the network, the group broke into edge devices using known but unpatched vulnerabilities, a low-effort tactic that relies on organizations failing to apply fixes.

The researchers said it had targeted flaws in Ruckus wireless routers since 2025 and, earlier this year, began exploiting a bug in ASUS routers to fold them into the network too.

Read more on the LapDogs ORB network: Chinese “LapDogs” ORB Network Targets US and Asia

A Growing Malware Toolkit

Talos said UAT-7810 is developing an upgraded backdoor called LONGLEASH, an evolution of an earlier tool that adds proxying features and can even relay commands to other infected machines.

It also uncovered two previously unknown backdoors: DOGLEASH, which ran commands on compromised Linux devices and a Java-based tool, JARLEASH, used to manage the group’s servers.

A configuration file for JARLEASH contained comments in Simplified Chinese, which Talos said indicated Chinese-speaking operators. The firm also found a test program aimed at MIPS-based devices, a sign the group was still refining its tools for the varied hardware that made up its network.

The findings come from Talos’s own tracking of the group’s malware and servers, which it said remain active.



Source

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticleSharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exploitation
Team-CWD
  • Website

Related Posts

News

SharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exploitation

July 8, 2026
News

RedWing Android Spyware Sold as a Service on Telegram

July 8, 2026
News

Unpatched Argo CD Repo-Server Flaw Could Let Attackers Take Over Kubernetes Clusters

July 8, 2026
Add A Comment
Leave A Reply Cancel Reply

Latest News

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

November 24, 202523 Views

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Securi

September 7, 202517 Views

North Korean Hackers Target Crypto Firms with ClickFix and Zoom Lures

April 29, 202610 Views

Why SOC Burnout Can Be Avoided: Practical Steps

November 14, 20259 Views

Cyber M&A Roundup: Cyber Giants Strengthen AI Security Offerings

December 1, 20258 Views
Stay In Touch
  • Facebook
  • YouTube
  • TikTok
  • WhatsApp
  • Twitter
  • Instagram
Most Popular

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

November 24, 202523 Views

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Securi

September 7, 202517 Views

North Korean Hackers Target Crypto Firms with ClickFix and Zoom Lures

April 29, 202610 Views
Our Picks

Top IRS scams to look out for in 2026

February 10, 2026

Children and chatbots: What parents should know

January 23, 2026

Why LinkedIn is a hunting ground for threat actors – and how to protect yourself

January 16, 2026

Subscribe to Updates

Get the latest news from cyberwiredaily.com

Facebook X (Twitter) Instagram Pinterest
  • Home
  • Contact
  • Privacy Policy
  • Terms of Use
  • California Consumer Privacy Act (CCPA)
© 2026 All rights reserved.

Type above and press Enter to search. Press Esc to cancel.