A China-linked advanced persistent threat (APT) actor, tracked as UAT-7810, is enhancing its espionage capabilities by developing a network of operational relay boxes (ORBs) and updating its malware arsenal, including the newly identified LongLeash backdoor. This threat group has infected over 1,000 small office/home office (SOHO) routers with variations of backdoors like ShortLeash, LongLeash, DogLeash, and JarLeash.
The Latest LongLeash backdoor supports complex functionalities including command-and-control (C&C) communication and server hosting. It is designed to exploit vulnerabilities in Ruckus wireless routers and works alongside another China-linked group, UAT-5918. The APT's infrastructure utilizes various servers and IP addresses for malicious payload hosting. Recent developments also indicate ongoing testing of MIPS platform functionalities with a non-malicious binary known as LeashTest.