www.securityweek.com 7/8/2026, 4:01:35 PM · external

China linked APT UAT7810 uses LongLeash backdoor on SOHO routers

China linked APT UAT7810 uses LongLeash backdoor on SOHO routers
Developing story campaign 3 articles tracked
China-linked APT UAT-7810 expands SOHO router backdoor network
CyberSIXT Evidence Panel
Threat Actor
UAT-7810

A China-linked advanced persistent threat (APT) actor, tracked as UAT-7810, is enhancing its espionage capabilities by developing a network of operational relay boxes (ORBs) and updating its malware arsenal, including the newly identified LongLeash backdoor. This threat group has infected over 1,000 small office/home office (SOHO) routers with variations of backdoors like ShortLeash, LongLeash, DogLeash, and JarLeash.

The Latest LongLeash backdoor supports complex functionalities including command-and-control (C&C) communication and server hosting. It is designed to exploit vulnerabilities in Ruckus wireless routers and works alongside another China-linked group, UAT-5918. The APT's infrastructure utilizes various servers and IP addresses for malicious payload hosting. Recent developments also indicate ongoing testing of MIPS platform functionalities with a non-malicious binary known as LeashTest.

View Primary Source Via www.securityweek.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline