Continues building ORB networks using new malware
Essential information
- Published
- 07/07/2026 16:17
- Modified
- —
- Source / Author
- AlienVault
- Confidence
- 100/100
- Report type(s)
- threat-report
- Labels / Tags
- backdoor china-nexus cve-2020-22653 cve-2020-22658 cve-2023-25717 cve-2025-2492 dogleash jarleash leashtest longleash orb networks ruckus routers shortleash uat-7810
- Related entities
- 6 vulnerabilities (cve), 81 indicators, 4 observables, 1 intrusion sets (apt), 20 techniques (mitre), 5 malware
Description
An advanced persistent threat actor designated UAT-7810 maintains and expands the LapDogs Operational Relay Box network infrastructure. This China-nexus group develops custom malware including SHORTLEASH and its evolved version LONGLEASH, alongside newly discovered tools DOGLEASH (a C-based backdoor), JARLEASH (a JAVA-based administrative backdoor), and LEASHTEST (a testing binary for MIPS devices). The actor exploits known vulnerabilities in unpatched Ruckus wireless routers and ASUS AiCloud devices, targeting networking equipment across multiple hardware platforms including MIPS, ARM, and x64. UAT-7810 establishes relay networks that secondary threat actors leverage for attacks against high-value targets. Infrastructure analysis reveals four command servers hosting malicious payloads, with one located in Hong Kong and others associated with VPS instances across multiple countries.