Chinese hacking group UAT-7810 has developed LONGLEASH malware to strengthen their Operational Relay Box (ORB) network. This evolution aims to compromise vulnerable internet-facing devices, particularly unpatched Ruckus routers, allowing for improved evasion of detection and attribution.
UAT-7810 is a Chinese hacking group actively evolving its malware techniques. They have introduced LONGLEASH, an advanced version of SHORTLEASH, to bolster their Operational Relay Box (ORB) network. This new malware allows the group to establish a secure infrastructure for other aligned advanced persistent threats (APTs).
Cisco Talos researchers report that UAT-7810 mainly exploits known vulnerabilities found in internet-facing networking devices. Specifically, they compromise Ruckus routers using vulnerabilities like CVE-2020-22653, CVE-2020-22658, and CVE-2023-25717, as well as CVE-2025-2492 in ASUS AiCloud routers.
LONGLEASH extends its predecessor's functionality by integrating features such as reverse shell capabilities, multiple proxying options (HTTP, DNS, TCP, etc.), an SMTP client/server system, TLS and PKI support, and self-removal when suspicious activity is detected. These enhancements enable it to effectively serve as both a command and control (C2) client and server.
In addition to LONGLEASH, Talos identified other malware including DOGLEASH, a lightweight Linux backdoor, and JARLEASH, a Java-based administrative tool. DOGLEASH can execute shell commands and modify files, while JARLEASH supports web-based file management, FTP, SFTP, and Netcat server functionalities.
The ORB network allows UAT-7810 to proxy traffic through compromised devices, minimizing detection risks and complicating attribution efforts against their activities. By exploiting vulnerable infrastructure, they enhance their operational reach and effectiveness. This development poses significant risks to affected organizations and highlights the need for robust cybersecurity measures.
β¨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors β check the original sources. How BrevFeed works β
Chinese hacking group UAT-7810 has developed LONGLEASH malware to strengthen their Operational Relay Box (ORB) network. This evolution aims to compromise vulnerable internet-facing devices, particularly unpatched Ruckus routers, allowing for improved evasion of detection and attribution.