The bottom line: UAT-7810 deploys specialized malware to compromise unpatched Ruckus routers as relay nodes for infrastructure connectivity.
The Chinese hacker group UAT-7810 is developing the new LONGLEASH malware to expand its infrastructure known as ORB (Operational Relay Box) and to infect Internet-exposed network devices, particularly unpatched Ruckus routers.
The Chinese threat group UAT-7810 is actively advancing its malware capabilities. The goal is to expand its ORB network (Operational Relay Box) by compromising Internet-accessible network devices. The focus is on unpatched Ruckus routers, which serve as central integration points of the infrastructure.
LONGLEASH is the specialized malware tool that infects these devices and integrates them into the existing botnet. This infrastructure enables UAT-7810 to decentralize its command structures and make tracing its operations more difficult.
For security officials, continuous maintenance of firmware and patch management for exposed network devices is critical. Ruckus administrators should deploy available security updates promptly and review devices for direct Internet connectivity, implementing secure segmentation.
Source: www.bleepingcomputer.com · Published 7 July 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.3.