Bleepingcomputer
Chinese Hackers Evolve LONGLEASH Malware to Expand ORB Network
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Chinese threat actor UAT-7810 is enhancing its malware capabilities to expand its Operational Relay Box (ORB) network by targeting unpatched Ruckus routers. The group is developing LONGLEASH, an upgraded version of the SHORTLEASH backdoor, alongside new tools like DOGLEASH and JARLEASH. UAT-7810 exploits known vulnerabilities, including CVE-2020-22653, CVE-2020-22658, CVE-2023-25717, and CVE-2025-2492, to gain initial access to compromised devices. The ORB network allows them to proxy traffic through local infrastructure, complicating detection and attribution. Talos researchers have identified four new servers used by UAT-7810 for hosting malicious payloads. The ongoing development of LONGLEASH indicates a significant escalation in their operational capabilities. Security teams are advised to monitor for indicators of compromise linked to UAT-7810's activities.
Key Points: • UAT-7810 is evolving its malware, including the new LONGLEASH backdoor. • The group exploits vulnerabilities in Ruckus routers and ASUS AiCloud devices. • LONGLEASH expands capabilities for command and control, complicating detection.