← All stories
● Covered by 1 source Β· 1 reportHigh impact

Chinese hackers deploy LONGLEASH malware to enhance ORB network

Aggregated by BrevFeed security Β· updated 2h ago
πŸ”– Save

Chinese hacking group UAT-7810 has developed LONGLEASH malware to strengthen their Operational Relay Box (ORB) network. This evolution aims to compromise vulnerable internet-facing devices, particularly unpatched Ruckus routers, allowing for improved evasion of detection and attribution.

Key points

Emergence of LONGLEASH Malware

UAT-7810 is a Chinese hacking group actively evolving its malware techniques. They have introduced LONGLEASH, an advanced version of SHORTLEASH, to bolster their Operational Relay Box (ORB) network. This new malware allows the group to establish a secure infrastructure for other aligned advanced persistent threats (APTs).

Targeting Vulnerable Devices

Cisco Talos researchers report that UAT-7810 mainly exploits known vulnerabilities found in internet-facing networking devices. Specifically, they compromise Ruckus routers using vulnerabilities like CVE-2020-22653, CVE-2020-22658, and CVE-2023-25717, as well as CVE-2025-2492 in ASUS AiCloud routers.

Capabilities of LONGLEASH

LONGLEASH extends its predecessor's functionality by integrating features such as reverse shell capabilities, multiple proxying options (HTTP, DNS, TCP, etc.), an SMTP client/server system, TLS and PKI support, and self-removal when suspicious activity is detected. These enhancements enable it to effectively serve as both a command and control (C2) client and server.

Other Malware in the Campaign

In addition to LONGLEASH, Talos identified other malware including DOGLEASH, a lightweight Linux backdoor, and JARLEASH, a Java-based administrative tool. DOGLEASH can execute shell commands and modify files, while JARLEASH supports web-based file management, FTP, SFTP, and Netcat server functionalities.

Significance of the ORB Network

The ORB network allows UAT-7810 to proxy traffic through compromised devices, minimizing detection risks and complicating attribution efforts against their activities. By exploiting vulnerable infrastructure, they enhance their operational reach and effectiveness. This development poses significant risks to affected organizations and highlights the need for robust cybersecurity measures.

✨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors β€” check the original sources. How BrevFeed works β†’

Primary sources

CVE CVE-2020-226539.8 CRITICAL CVE CVE-2020-226589.8 CRITICAL CVE CVE-2023-257179.8 CRITICAL CVE CVE-2025-24929.2 CRITICAL

Reporting from

Chinese hacking group UAT-7810 has developed LONGLEASH malware to strengthen their Operational Relay Box (ORB) network. This evolution aims to compromise vulnerable internet-facing devices, particularly unpatched Ruckus routers, allowing for improved evasion of detection and attribution.