Close Menu
  • Home
  • News
  • Cyber Security
  • Internet of Things
  • Tips and Advice

Subscribe to Updates

Get the latest creative news from FooBar about art, design and business.

What's Hot

Russian State Hackers Target Vulnerable Routers Worldwide

July 14, 2026

China-Linked UAT-7810 Expands ORB Network With New LONGLEASH Malware

July 14, 2026

Progress Software Warns of “External Security Threat” to ShareFile

July 13, 2026
Facebook X (Twitter) Instagram
Tuesday, July 14
Facebook X (Twitter) Instagram Pinterest Vimeo
Cyberwire Daily
  • Home
  • News
  • Cyber Security
  • Internet of Things
  • Tips and Advice
Cyberwire Daily
Home»News»China-Linked UAT-7810 Expands ORB Network With New LONGLEASH Malware
News

China-Linked UAT-7810 Expands ORB Network With New LONGLEASH Malware

Team-CWDBy Team-CWDJuly 14, 2026No Comments3 Mins Read
Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
Share
Facebook Twitter LinkedIn Pinterest Email


A Chinese threat actor tracked as UAT-7810 is actively refining its bespoke malware to expand its Operational Relay Box (ORB) network by breaking into internet-facing networking devices.

According to findings from Cisco Talos, UAT-7810 is an advanced persistent threat (APT) actor that’s responsible for maintaining and proliferating LapDogs, an ORB network that first came to light in June 2025.

“UAT-7810 is most likely tasked with establishing Operational Relay Box (ORB) networks that can then be leveraged by associated secondary threat actors to conduct their own malicious attacks against high value targets,” researchers Jungsoo An, Asheer Malhotra, Vanja Svajcer, and Brandon White said.

One such China-nexus threat actor that has leveraged the infrastructure in its own attacks is UAT-5918, which has been linked to cyber attacks targeting critical infrastructure entities in Taiwan since at least 2023 with an aim to establish persistent access within victim environments.

The latest findings indicate that UAT-7810 has continued to develop their custom malware dubbed ShortLeash with a newer version that’s codenamed LONGLEASH. Also put to use by the threat actor are two other previously unreported tools –

  • DOGLEASH, a passive backdoor that can execute arbitrary shellcode on a compromised Linux device
  • LEASHTEST, an ELF binary that’s used for testing certain functionality, like creating a thread, a child process, or an async timer, on MIPS-based embedded devices

“UAT-7810 used at least four new servers to host a variety of minor variations of DOGLEASH to deploy against compromised targets,” the researchers added. “An additional Java-based (JAR package) backdoor that we track as ‘JARLEASH’ was also deployed by UAT-7810 on at least one of the three servers for administration purposes, including file management, FTP, SFTP, and Netcat.”

Attack chains mounted by the hacking crew are known to weaponize known vulnerabilities in unpatched Ruckus wireless routers, such as CVE-2020-22653, CVE-2020-22658, and CVE-2023-25717. Campaigns observed earlier this year have also singled out ASUS AiCloud Routers susceptible to CVE-2025-2492, indicating potential attempts to broaden the ORB network.

ShortLeash incorporates a backdoor capable of contacting an external server, hosting a web server, and acting as both a command-and-control (C2) server and client. Its successor, LONGLEASH, packs in additional functionality, pointing to an active development cycle. Some of the newer features are listed below –

  • An executor component that enables proxying functions using HTTP, DNS, SOCKS, TCP, ICMP, and UDP protocols, manages network connections to other servers, authorizes clients, and removes the implant and all traces from the server if any tampering attempts are detected
  • Act as an intermediate C2 server to relay commands and data from the primary C2 and forward it to its peers

“The development and use of LEASHTEST signifies that even though they have developed LONGLEASH, a full-fledged backdoor framework, UAT-7810 is still actively testing functionality on MIPS platforms and may not be completely confident of its behavior on MIPS devices,” Talos said.



Source

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticleProgress Software Warns of “External Security Threat” to ShareFile
Next Article Russian State Hackers Target Vulnerable Routers Worldwide
Team-CWD
  • Website

Related Posts

News

Russian State Hackers Target Vulnerable Routers Worldwide

July 14, 2026
News

Progress Software Warns of “External Security Threat” to ShareFile

July 13, 2026
News

15-Year-Old GhostLock Flaw Enables Root and Container Escape on Most Linux Distros

July 13, 2026
Add A Comment
Leave A Reply Cancel Reply

Latest News

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

November 24, 202523 Views

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Securi

September 7, 202517 Views

North Korean Hackers Target Crypto Firms with ClickFix and Zoom Lures

April 29, 202610 Views

Why SOC Burnout Can Be Avoided: Practical Steps

November 14, 20259 Views

Cyber M&A Roundup: Cyber Giants Strengthen AI Security Offerings

December 1, 20258 Views
Stay In Touch
  • Facebook
  • YouTube
  • TikTok
  • WhatsApp
  • Twitter
  • Instagram
Most Popular

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

November 24, 202523 Views

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Securi

September 7, 202517 Views

North Korean Hackers Target Crypto Firms with ClickFix and Zoom Lures

April 29, 202610 Views
Our Picks

Your information is on the dark web. What happens next?

January 13, 2026

The WhatsApp screen-sharing scam you didn’t see coming

November 6, 2025

Top IRS scams to look out for in 2026

February 10, 2026

Subscribe to Updates

Get the latest news from cyberwiredaily.com

Facebook X (Twitter) Instagram Pinterest
  • Home
  • Contact
  • Privacy Policy
  • Terms of Use
  • California Consumer Privacy Act (CCPA)
© 2026 All rights reserved.

Type above and press Enter to search. Press Esc to cancel.