Chinese hackers develop LONGLEASH malware to expand ORB network
Summary
Chinese hackers, identified as UAT-7810, are deploying new malware named LONGLEASH to expand their ORB network. This operation primarily targets unpatched Ruckus routers connected to the internet, suggesting a focus on infrastructure compromise for their malicious activities.
IFF Assessment
The development and deployment of new malware by a sophisticated threat actor to expand their network infrastructure poses a direct threat to network security and data integrity.
Defender Context
This article highlights an evolving threat from Chinese-linked hackers targeting network infrastructure, specifically Ruckus routers. Defenders should prioritize patching internet-facing devices, especially those from Ruckus, and monitor for signs of compromise related to ORB networks. The use of malware like LONGLEASH underscores the need for robust network segmentation and intrusion detection capabilities.