216.73.217.64

Continues building ORB networks using new malware

· Published 07/07/2026 16:17

Export JSON

Essential information

Published
07/07/2026 16:17
Modified
Source / Author
AlienVault
Confidence
100/100
Report type(s)
threat-report
Labels / Tags
backdoor china-nexus cve-2020-22653 cve-2020-22658 cve-2023-25717 cve-2025-2492 dogleash jarleash leashtest longleash orb networks ruckus routers shortleash uat-7810
Related entities
6 vulnerabilities (cve), 81 indicators, 4 observables, 1 intrusion sets (apt), 20 techniques (mitre), 5 malware

Description

An advanced persistent threat actor designated UAT-7810 maintains and expands the LapDogs Operational Relay Box network infrastructure. This group develops custom malware including and its evolved version LONGLEASH, alongside newly discovered tools DOGLEASH (a C-based ), JARLEASH (a JAVA-based administrative ), and LEASHTEST (a testing binary for MIPS devices). The actor exploits known vulnerabilities in unpatched Ruckus wireless routers and ASUS AiCloud devices, targeting networking equipment across multiple hardware platforms including MIPS, ARM, and x64. UAT-7810 establishes relay networks that secondary threat actors leverage for attacks against high-value targets. Infrastructure analysis reveals four command servers hosting malicious payloads, with one located in Hong Kong and others associated with VPS instances across multiple countries.

External references