Bleepingcomputer
UAT-7810 Expands Malware Arsenal to Enhance ORB Network
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
The China-linked threat actor UAT-7810 is evolving its malware toolkit, notably introducing LONGLEASH, an upgraded version of the SHORTLEASH backdoor. This group exploits known vulnerabilities in unpatched Ruckus routers and recently began targeting ASUS AiCloud routers. The malware facilitates the creation of an Operational Relay Box (ORB) network, allowing other APTs to mask their traffic. Talos has identified multiple CVEs exploited by UAT-7810, including CVE-2020-22653, CVE-2020-22658, and CVE-2025-2492. The group has also developed additional tools like DOGLEASH, a Linux backdoor, and JARLEASH, a Java-based administrative tool. The ongoing activity indicates a significant threat to organizations using the affected devices. The group’s tactics rely on exploiting unpatched vulnerabilities, which remain a low-effort yet effective attack vector.
Key Points: • UAT-7810 is developing LONGLEASH, an advanced version of its SHORTLEASH backdoor. • The group exploits vulnerabilities in Ruckus and ASUS routers to expand its ORB network. • New malware tools include DOGLEASH for Linux and JARLEASH for server management.