China-Linked APT Expands Arsenal With New ‘Leash’ Backdoors

China-Linked APT Expands Arsenal With New ‘Leash’ Backdoors
UAT-7810, a China-linked APT, is expanding its LapDogs espionage campaign with new backdoors and infrastructure for ORB network operations, including LongLeash, DogLeash, and JarLeash. Talos found the group targeting vulnerable Ruckus and Asus routers, using multi-architecture payloads and testing MIPS functionality with LeashTest. #UAT7810 #LongLeash #DogLeash #JarLeash #LeashTest #LapDogs #Ruckus #AsusAiCloudRouters

Keypoints

  • UAT-7810 is a China-linked APT building an ORB network for espionage.
  • The group updated its toolkit with LongLeash, DogLeash, and JarLeash.
  • More than 1,000 SOHO routers were previously infected with ShortLeash.
  • UAT-7810 targets Ruckus router vulnerabilities and uses payloads for MIPS, ARM, and x64.
  • Talos also identified LeashTest as a MIPS testing binary that can serve as an IoC.

Read More: https://www.securityweek.com/china-linked-apt-expands-arsenal-with-new-leash-backdoors/