A sophisticated Chinese threat actor known as UAT-7810 is making concerning advancements in cyber operations, actively enhancing its malware arsenal to expand a notorious Operational Relay Box (ORB) network through targeted attacks on internet-exposed networking infrastructure. Recent intelligence from Cisco Talos reveals this advanced persistent threat group is systematically compromising vulnerable network devices to strengthen its command-and-control capabilities, marking a significant escalation in their operational capabilities.
UAT-7810, which maintains the infamous LapDogs ORB network first identified in June 2025, has been observed deploying new malware variants including the recently discovered LONGLEASH. This threat group specifically targets network devices exposed to the internet, leveraging these systems as infrastructure nodes within their ORB network. By compromising these devices, UAT-7810 creates a complex web of relay points that help mask their activities, making detection and attribution significantly more challenging for security professionals. The development and deployment of custom malware like LONGLEASH demonstrate the group's technical sophistication and commitment to maintaining persistent access to compromised networks.
For security teams, these developments represent concerning challenges. The targeting of network infrastructure rather than traditional endpoints represents an evolution