Chinese hackers develop LONGLEASH malware to expand ORB network

Chinese hackers develop LONGLEASH malware to expand ORB network
Chinese hackers tracked as UAT-7810 are expanding their Operational Relay Box infrastructure by compromising internet-facing routers, especially unpatched Ruckus devices, to proxy traffic through legitimate-looking regional systems. Cisco Talos found new tools in the campaign, including LONGLEASH, DOGLEASH, JARLEASH, and LEASHTEST, alongside exploitation of multiple router vulnerabilities. #UAT-7810 #LONGLEASH #SHORTLEASH #DOGLEASH #JARLEASH #LEASHTEST #Ruckus #ASUSAiCloud #UAT-5918

Keypoints

  • UAT-7810 is growing its ORB network by targeting exposed networking devices.
  • Unpatched Ruckus routers are a primary target in the campaign.
  • The group uses proxy infrastructure to hide traffic and complicate attribution.
  • Cisco Talos identified LONGLEASH, DOGLEASH, JARLEASH, and LEASHTEST as new tools.
  • UAT-7810 exploits known vulnerabilities in Ruckus and ASUS routers to gain access.

Read More: https://www.bleepingcomputer.com/news/security/chinese-hackers-develop-longleash-malware-to-expand-orb-network/