China-linked APT expands relay network and malware
🔍 Cisco Talos reports a China-nexus APT tracked as UAT-7810 has expanded a network of hijacked routers and devices called Operational Relay Boxes (ORBs) to hide other attackers' traffic. The group maintained a long-running LapDogs relay infrastructure and exploited unpatched Ruckus and ASUS router vulnerabilities to recruit devices. Researchers uncovered an upgraded backdoor, LONGLEASH, plus two new tools, DOGLEASH and JARLEASH, with evidence suggesting Chinese-speaking operators. Talos says the group's servers and malware remain active.
