Checking all the Boxes: LapDogs, The New ORB in Town

Published 26/06/2025 21:14 · Modified 27/06/2025 08:07

Essential information

Published
26/06/2025 21:14
Modified
27/06/2025 08:07
Tags
2025-06-26 CVE-2017-17663 orb shortleash soho devices southeast asia tls certificates
Related entities
2 vulnerabilities (cve), 26 observables, 1 intrusion sets (apt), 15 techniques (mitre), 1 malware, 9 others

Description

SecurityScorecard's STRIKE team has uncovered a new China-nexus Operational Relay Box (ORB) network called 'LapDogs', which primarily targets Linux-based SOHO devices worldwide. The network, active since September 2023, concentrates on the United States and Southeast Asia, particularly Japan, South Korea, Hong Kong, and Taiwan. LapDogs employs a custom backdoor named 'ShortLeash', which establishes a foothold on each compromised device and enrols it into the relay network. Over 1,000 actively infected nodes have been identified, and their geographical distribution shows targeting patterns consistent with structured tasking rather than opportunistic spread. The research highlights the network's gradual growth, methodical operation, and distinct intrusion sets, which set it apart from opportunistic botnets. Victimology analysis identifies affected ISPs, hardware vendors, and organisations in the IT, networking, real estate, and media sectors.

External references