UAT-7810 malware set to grow ORB relay infrastructure via exposed routers
Source headline: Chinese hackers develop LONGLEASH malware to expand ORB network
Intelligence Summary
Chinese threat activity tracked as UAT-7810 is being used to evolve the LONGLEASH malware. The goal is to expand an Operational Relay Box (ORB) network for traffic relaying. The campaign focuses on compromising internet-facing networking equipment, especially unpatched Ruckus routers. This increases the number of nodes that can be leveraged for further malicious operations. Network operators should review exposure of edge devices, patch vulnerable router firmware, and monitor for related persistence and relay behavior.
Recommended Action
Review affected assets, schedule urgent remediation, and monitor related indicators.