Skip to content

UAT-7810 Expands ORB Network with LONGLEASH Malware

Bottom Line: UAT-7810 uses LONGLEASH malware to expand an ORB relay network by compromising internet-exposed network devices.

The Chinese threat group UAT-7810 is actively developing its malware to expand its ORB network (Operational Relay Box) through access to internet-exposed network devices. Cisco Talos has confirmed it is an APT actor operating the LapDogs network since its discovery in June 2025.

The threat group UAT-7810 is classified by security researchers at Cisco Talos as an advanced persistent threat (APT) actor and deliberately focuses on developing its own malware solutions. The LapDogs network, which serves as ORB infrastructure, acts as a relay for its operations and was first publicly disclosed in June 2025.

The group’s strategy focuses on network devices that are accessible over the Internet. By penetrating such systems, the attackers build a distributed relay infrastructure that enables them to mask their command and control operations and make their activities harder to track.

For CISO teams, this development is relevant as the injection of malware into ORB networks indicates deficiencies in network perimeter security. Particular attention should be paid to the inventory and hardening of internet-accessible network devices, especially firewalls, routers and load balancers, as these have become primary targets for such infrastructure operations.


Source: thehackernews.com · Published 8 July 2026
Lumi AI News — AI-assisted curation pursuant to Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.3.

Share on: