Skip to content

China-Linked APT UAT-7810 Expands ORB Network with New LONGLEASH Malware

To the point: Chinese APT UAT-7810 is systematically building an ORB network using LONGLEASH malware to serve as infrastructure for targeted attacks.

The Chinese threat group UAT-7810 is systematically expanding its Operational Relay Box (ORB) network by compromising internet-exposed network devices and deploying a new malware called LONGLEASH. Cisco Talos has analyzed the activities of the advanced threat group, which has maintained the LapDogs network since June 2025.

UAT-7810 is an Advanced Persistent Threat (APT) that is deliberately advancing its malware arsenals to enlarge its ORB network. The network serves as a jumping-off point for further attacks on critical infrastructure and enterprise environments. The group focuses on gaining access to internet-exposed network devices, as these frequently serve as entry points for deeper network penetration.

The LapDogs ORB network was first publicly documented in June 2025. Ongoing expansion activities with the new LONGLEASH malware indicate that UAT-7810 is consolidating and entrenching its infrastructure to ensure long-term persistence.

For CISOs, this means the threat landscape posed by this actor is continuously escalating. The combination of network relay infrastructure and specialized malware significantly complicates attribution and incident response. Prioritization of segmentation, monitoring of internet-exposed devices, and threat intelligence integration regarding UAT-7810 and its ORB activities should occur immediately.


Source: thehackernews.com · Published 8 July 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification via Lumi News Pipeline v1.7.3.

Share on: