A China-linked hacking group identified as UAT-7810 has expanded its proxy network, utilizing newly discovered custom malware to enhance its operations. According to researchers from Cisco Talos, this advanced persistent threat (APT) group has built ‘Operational Relay Box’ (ORB) networks, leveraging compromised routers and devices to obscure the origins of cyber-attacks. The group has previously targeted unpatched vulnerabilities in Ruckus and ASUS routers to grow its network.
Additionally, UAT-7810 is developing new tools, including an upgraded backdoor called LONGLEASH and two other backdoors, DOGLEASH and JARLEASH, which suggest continued sophistication and expansion of their malware capabilities.