Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
China APT Enhances Spy Toolkit with New ‘Leash’ Backdoors

China APT Enhances Spy Toolkit with New ‘Leash’ Backdoors

Posted on July 8, 2026 By CWS

A China-associated advanced persistent threat (APT) group has bolstered its cyber espionage arsenal with new backdoor programs, according to Cisco’s Talos researchers. This group, identified as UAT-7810, has been constructing an operational relay box (ORB) network to facilitate its spying activities.

Enhanced Espionage Campaigns

UAT-7810 has been involved in a long-term espionage operation called LapDogs, involving the infection of over 1,000 small office and home office (SOHO) routers with the ShortLeash backdoor, as reported by SecurityScorecard last year. Recent findings reveal the emergence of an updated variant named LongLeash, alongside additional malware families termed DogLeash and JarLeash.

The primary targets of UAT-7810 are vulnerabilities in Ruckus wireless routers, specifically CVE-2020-22653, CVE-2020-22658, and CVE-2023-25717. The group exploits these vulnerabilities using payloads compatible with various architectures, such as MIPS, ARM, and x64.

Technical Advancements and Infrastructure

Talos researchers identified three IP addresses linked to virtual private server (VPS) instances utilized by UAT-7810 for downloading payloads. Additionally, four new servers were detected hosting harmful payloads like DogLeash and associated shell scripts. These servers are part of a broader campaign known as Operation WrtHug, which targets Asus AiCloud Routers.

UAT-7810 also shares infrastructure with another China-linked APT, UAT-5918. Although these groups have overlapping tools, they are tracked as separate entities. The newly discovered LongLeash backdoor extends the functionalities observed in ShortLeash, incorporating features such as command-and-control (C&C) communication, web server hosting, tunnel management, and more.

Further Details on Backdoor Capabilities

LongLeash is built on the same codebase as its predecessor but includes code from the Nanopb and MbedTLS open-source libraries. This backdoor can serve as an intermediate server, relaying commands and data between the C&C and other nodes. DogLeash, a C-based passive backdoor, and JarLeash, a Java-based backdoor, add to the group’s capabilities.

DogLeash is deployed via a script that configures iptables rules, allowing TCP traffic to specific ports, and can execute a range of commands based on inputs from the C&C. JarLeash offers straightforward access to compromised systems and can host a file management interface and run FTP and SFTP servers.

Future Implications and Monitoring

In addition to deploying backdoors, UAT-7810 has developed LeashTest, a tool to assess functionality on the MIPS platform. Although this binary is not inherently malicious, its presence can indicate potential compromise.

The continued development and testing of tools like LeashTest suggest that UAT-7810 is striving to optimize its techniques across various platforms. This ongoing evolution of its toolkit underscores the need for vigilant monitoring and robust security measures to counteract such sophisticated cyber threats.

Security Week News Tags:backdoor malware, China APT, cyber espionage, cyber threats, Cybersecurity, LONGLEASH, malware analysis, network security, Talos, UAT-7810

Post navigation

Previous Post: Ghost Phishing Unveils Security Gaps in Email Protection
Next Post: Mycelium Botnet: AI-as-a-Service Threat Emerges

Related Posts

MainStreet Bank Data Breach Impacts Customer Payment Cards  MainStreet Bank Data Breach Impacts Customer Payment Cards  Security Week News
Alleged Conti, TrickBot Gang Leader Unmasked Alleged Conti, TrickBot Gang Leader Unmasked Security Week News
OpenAI Atlas Omnibox Is Vulnerable to Jailbreaks OpenAI Atlas Omnibox Is Vulnerable to Jailbreaks Security Week News
Record-Breaking DDoS Attack Peaks at 22 Tbps and 10 Bpps Record-Breaking DDoS Attack Peaks at 22 Tbps and 10 Bpps Security Week News
Archetyp Dark Web Market Shut Down by Law Enforcement Archetyp Dark Web Market Shut Down by Law Enforcement Security Week News
TikTok Faces Fresh European Privacy Investigation Over China Data Transfers TikTok Faces Fresh European Privacy Investigation Over China Data Transfers Security Week News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • OpenMatter Joins HOL for Secure AI Standards Development
  • Accenture Concedes Data Breach Amid Hacker Allegations
  • HalluSquatting Attack Threatens AI Coding Assistants
  • Mycelium Botnet: AI-as-a-Service Threat Emerges
  • China APT Enhances Spy Toolkit with New ‘Leash’ Backdoors

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • OpenMatter Joins HOL for Secure AI Standards Development
  • Accenture Concedes Data Breach Amid Hacker Allegations
  • HalluSquatting Attack Threatens AI Coding Assistants
  • Mycelium Botnet: AI-as-a-Service Threat Emerges
  • China APT Enhances Spy Toolkit with New ‘Leash’ Backdoors

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark