UAT-7810 refines LONGLEASH to expand ORB network via compromised networking devices
Source headline: China-Linked UAT-7810 Expands ORB Network With New LONGLEASH Malware
Intelligence Summary
Cisco Talos reports that a China-linked actor tracked as UAT-7810 is enhancing the LONGLEASH malware. The activity focuses on expanding an ORB (Operational Relay Box) network by compromising internet-facing networking devices. This actor maintains and grows LapDogs, an ORB infrastructure that surfaced in mid-2025. The campaign matters because compromised edge devices can become persistent footholds for further intrusion. Network operators should review exposure of management interfaces and watch for LONGLEASH/LapDogs-related indicators.
Recommended Action
Review affected assets, schedule urgent remediation, and monitor related indicators.