Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
China-Linked Hackers Target Ruckus Routers in Cyber Campaign

China-Linked Hackers Target Ruckus Routers in Cyber Campaign

Posted on July 8, 2026 By CWS

Introduction

A sophisticated hacking group linked to China, known as UAT-7810, is expanding its global network of compromised internet devices by exploiting vulnerabilities in Ruckus wireless routers. This operation is part of what researchers have termed an Operational Relay Box (ORB) network, which disguises the source of cyberattacks by routing malicious traffic through everyday home and business networks.

Such networks have been under scrutiny since 2025 when security experts first identified the LapDogs infrastructure. Despite ongoing efforts to curb its expansion, UAT-7810 continues to enhance its network, making it increasingly challenging for cybersecurity specialists to trace back the origins of these attacks.

Exploitation of Ruckus Routers

UAT-7810’s primary method involves exploiting known vulnerabilities in unpatched Ruckus routers. This strategy highlights the risks associated with outdated firmware, which remains an easy target for cyber intrusions. Once a router is compromised, the hackers deploy custom malware to maintain long-term control over the device.

The core of their current campaign involves a backdoor called SHORTLEASH, which is being phased out in favor of a more advanced variant named LONGLEASH. This upgraded tool not only operates as a proxy but also manages encrypted tunnels and functions as a command server, effectively masking its activities as standard web traffic.

New Tools and Techniques

In addition to LONGLEASH, researchers from Cisco Talos have identified two new tools used by the hackers: DOGLEASH and JARLEASH. DOGLEASH is a lightweight backdoor that listens for specific instructions on infected devices, while JARLEASH provides a file management interface and transfer capabilities, coded with comments in Simplified Chinese.

These tools are part of a larger toolkit designed to enhance the group’s ability to maintain their ORB network. By sharing certain tools with another China-linked group, UAT-5918, UAT-7810 demonstrates a collaborative approach to sustaining and expanding their cyber capabilities.

Implications and Preventive Measures

Ruckus routers are a favored entry point due to their widespread use and the presence of unaddressed vulnerabilities. Since 2025, UAT-7810 has exploited at least three known flaws to infiltrate these devices, which are then integrated into the ORB network for extended periods without owner detection.

To mitigate these threats, both organizations and individual users are urged to ensure their routers receive the latest security updates and consider replacing outdated hardware. Network segmentation can also help limit the impact of a compromised router by isolating it from other devices.

Conclusion

The ongoing activities of UAT-7810 underscore the importance of maintaining robust cybersecurity practices. Regular monitoring of network traffic for anomalies and adopting proactive defense measures are critical steps in protecting against such persistent threats. As this group continues to refine its techniques, staying informed and vigilant remains essential for safeguarding critical infrastructure.

Cyber Security News Tags:China hackers, cyber attacks, cyber threats, Cybersecurity, hacker groups, hacking tactics, internet security, Malware, network protection, network security, persistent threats, router security, Ruckus routers, security updates, Vulnerabilities

Post navigation

Previous Post: CISA Highlights Exploited Vulnerabilities in Key Software
Next Post: China-Based APT UAT-7810 Enhances ORB Network with LONGLEASH

Related Posts

Cloudflare Unveils MCP Server Portals to Secure AI Revolution Cloudflare Unveils MCP Server Portals to Secure AI Revolution Cyber Security News
HackerOne Paid  In Bug Bounty With Emergence of Bionic Hackers HackerOne Paid $81 In Bug Bounty With Emergence of Bionic Hackers Cyber Security News
Critical SQL Injection Flaw Patched in SAP S/4HANA Critical SQL Injection Flaw Patched in SAP S/4HANA Cyber Security News
Threat Actors Exploiting SonicWall Firewalls to Deploy Akira Ransomware Using Malicious Logins Threat Actors Exploiting SonicWall Firewalls to Deploy Akira Ransomware Using Malicious Logins Cyber Security News
PoC Exploit Unveiled for Lenovo Code Execution Vulnerability Enabling Privilege Escalation PoC Exploit Unveiled for Lenovo Code Execution Vulnerability Enabling Privilege Escalation Cyber Security News
Apache Flink Vulnerability Risks Remote Code Execution Apache Flink Vulnerability Risks Remote Code Execution Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Discord Bug Affects Over 8,000 Accounts in Security Mishap
  • China-Based APT UAT-7810 Enhances ORB Network with LONGLEASH
  • China-Linked Hackers Target Ruckus Routers in Cyber Campaign
  • CISA Highlights Exploited Vulnerabilities in Key Software
  • Critical Linux Flaw GhostLock Allows Root Access

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Discord Bug Affects Over 8,000 Accounts in Security Mishap
  • China-Based APT UAT-7810 Enhances ORB Network with LONGLEASH
  • China-Linked Hackers Target Ruckus Routers in Cyber Campaign
  • CISA Highlights Exploited Vulnerabilities in Key Software
  • Critical Linux Flaw GhostLock Allows Root Access

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark