Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
China-Based APT UAT-7810 Enhances ORB Network with LONGLEASH

China-Based APT UAT-7810 Enhances ORB Network with LONGLEASH

Posted on July 8, 2026 By CWS

A sophisticated Chinese cyber threat, identified as UAT-7810, is actively upgrading its unique malware to broaden its Operational Relay Box (ORB) network. This advancement is achieved by targeting internet-exposed networking devices, as revealed by Cisco Talos researchers.

UAT-7810’s Expansion of ORB Network

UAT-7810, an advanced persistent threat (APT) group, is known for managing the LapDogs ORB network that emerged in June 2025. This network is reportedly utilized by related threat actors for launching malicious attacks on high-value targets. According to researchers Jungsoo An, Asheer Malhotra, Vanja Svajcer, and Brandon White, UAT-7810’s efforts are pivotal in establishing ORB networks that facilitate secondary threat actors’ operations.

In particular, the infrastructure has been exploited by UAT-5918, another China-affiliated threat actor, to target critical infrastructure in Taiwan since 2023, aiming to maintain long-term access within these systems.

LONGLEASH and Additional Tools

Recent developments indicate that UAT-7810 has been refining its custom malware, ShortLeash, with an updated version named LONGLEASH. Additionally, the threat actor employs two newly uncovered tools: DOGLEASH, a passive backdoor for executing shellcode on compromised Linux devices, and LEASHTEST, an ELF binary designed to test functions on MIPS-based devices like creating threads and processes.

Researchers noted the use of at least four new servers by UAT-7810 to host varied versions of DOGLEASH for deployment against compromised systems. Moreover, a Java-based backdoor, JARLEASH, was identified on one of the servers, facilitating administrative tasks such as file management and network protocols like FTP and SFTP.

Exploiting Known Vulnerabilities

The attack strategies employed by this group leverage known vulnerabilities in unpatched Ruckus wireless routers, including CVE-2020-22653, CVE-2020-22658, and CVE-2023-25717. Campaigns earlier this year also targeted ASUS AiCloud Routers vulnerable to CVE-2025-2492, suggesting an effort to further expand the ORB network’s reach.

LONGLEASH enhances the capabilities of its predecessor, ShortLeash, by providing features such as proxying functions across various protocols, managing network connections, and acting as an intermediary command-and-control (C2) server. These enhancements indicate ongoing development and testing, particularly on MIPS platforms, as evidenced by the use of LEASHTEST.

Future Implications

The continued development of LONGLEASH and associated tools by UAT-7810 underscores the persistent and evolving threat posed by this APT group. As cybersecurity experts keep a close watch on these advancements, organizations are urged to bolster defenses against such sophisticated threats to protect critical infrastructure and sensitive data.

The Hacker News Tags:APT, China APT, Cisco Talos, cyber attacks, Cybersecurity, LONGLEASH, Malware, network security, ORB Network, Threat Actors, UAT-7810

Post navigation

Previous Post: China-Linked Hackers Target Ruckus Routers in Cyber Campaign
Next Post: Discord Bug Affects Over 8,000 Accounts in Security Mishap

Related Posts

Apple Zero-Click Flaw in Messages Exploited to Spy on Journalists Using Paragon Spyware Apple Zero-Click Flaw in Messages Exploited to Spy on Journalists Using Paragon Spyware The Hacker News
Identity Posture: A Key Factor in Cyber Insurance 2026 Identity Posture: A Key Factor in Cyber Insurance 2026 The Hacker News
EvilAI Malware Masquerades as AI Tools to Infiltrate Global Organizations EvilAI Malware Masquerades as AI Tools to Infiltrate Global Organizations The Hacker News
WatchGuard Warns of Active Exploitation of Critical Fireware OS VPN Vulnerability WatchGuard Warns of Active Exploitation of Critical Fireware OS VPN Vulnerability The Hacker News
MuddyWater Launches RustyWater RAT via Spear-Phishing Across Middle East Sectors MuddyWater Launches RustyWater RAT via Spear-Phishing Across Middle East Sectors The Hacker News
CRESCENTHARVEST Campaign Targets Iranian Protest Allies CRESCENTHARVEST Campaign Targets Iranian Protest Allies The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • GhostLock Vulnerability in Linux Kernel Exposes Security Risks
  • CISA Demands Urgent Patch for Critical Software Vulnerabilities
  • Discord Bug Affects Over 8,000 Accounts in Security Mishap
  • China-Based APT UAT-7810 Enhances ORB Network with LONGLEASH
  • China-Linked Hackers Target Ruckus Routers in Cyber Campaign

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • GhostLock Vulnerability in Linux Kernel Exposes Security Risks
  • CISA Demands Urgent Patch for Critical Software Vulnerabilities
  • Discord Bug Affects Over 8,000 Accounts in Security Mishap
  • China-Based APT UAT-7810 Enhances ORB Network with LONGLEASH
  • China-Linked Hackers Target Ruckus Routers in Cyber Campaign

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark