CISCO Talos is monitoring UAT-7810, a suspected Chinese hacking group that has been expanding its LapDogs ORB network through malware targeting unpatched edge devices, particularly Ruckus and ASUS routers. The group employs a growing toolkit including new implants named LONGLEASH, DOGLEASH, and JARLEASH to exploit known vulnerabilities, allowing them to establish proxy nodes for espionage purposes.
Despite being tracked since 2025, no arrests have been made, and it is crucial for device owners to patch vulnerabilities and monitor their network for anomalies.