China-Linked UAT-7810 Expands ORB Network With New LONGLEASH Malware

Summary

A Chinese threat actor, UAT-7810, is expanding its Operational Relay Box (ORB) network using new malware called LONGLEASH. This actor is targeting internet-facing networking devices to compromise and incorporate them into their malicious infrastructure, known as LapDogs.

IFF Assessment

FOE

The development and deployment of new malware and the expansion of a malicious network by a threat actor represent an increased risk and capability for cyber attackers.

Defender Context

This development highlights the ongoing sophistication of APT groups and their ability to leverage compromised network devices for their operations. Defenders should be vigilant in monitoring their internet-facing devices for signs of compromise and ensure they are patched against known vulnerabilities that could be exploited for device takeover.

Read Full Story →