Chinese hackers tracked as UAT-7810 are expanding their Operational Relay Box infrastructure by compromising internet-facing routers, especially unpatched Ruckus devices, to proxy traffic through legitimate-looking regional systems. Cisco Talos found new tools in the campaign, including LONGLEASH, DOGLEASH, JARLEASH, and LEASHTEST, alongside exploitation of multiple router vulnerabilities. #UAT-7810 #LONGLEASH #SHORTLEASH #DOGLEASH #JARLEASH #LEASHTEST #Ruckus #ASUSAiCloud #UAT-5918
Keypoints
- UAT-7810 is growing its ORB network by targeting exposed networking devices.
- Unpatched Ruckus routers are a primary target in the campaign.
- The group uses proxy infrastructure to hide traffic and complicate attribution.
- Cisco Talos identified LONGLEASH, DOGLEASH, JARLEASH, and LEASHTEST as new tools.
- UAT-7810 exploits known vulnerabilities in Ruckus and ASUS routers to gain access.