🟠 High | Source: The Hacker News
A Chinese state-linked threat actor, UAT-7810, is actively developing new malware called LONGLEASH to expand its ‘LapDogs’ Operational Relay Box (ORB) network — a system of compromised networking devices used to relay and obscure malicious traffic. The group targets internet-facing network devices, making detection and attribution significantly harder. ORB networks are increasingly favoured by Chinese APTs to evade geolocation-based blocking and complicate incident response.
Security Architect’s Take: Audit and harden all internet-facing network devices (firewalls, VPN gateways, routers) by applying the latest vendor patches and disabling unnecessary management interfaces. Review egress traffic flows for unusual relay patterns or unexpected outbound connections to residential or SOHO IP ranges, which are commonly used in ORB infrastructure.
Original advisory: China-Linked UAT-7810 Expands ORB Network With New LONGLEASH Malware