A China-linked threat actor, known as UAT-7810, has been observed enhancing its custom malware to infiltrate internet-exposed networking devices, thereby expanding its Operational Relay Box (ORB) network. This APT actor is responsible for maintaining the LapDogs ORB network, which was first identified in June 2025. The threat actor's tactics involve exploiting vulnerabilities in networking devices to establish a foothold, allowing them to expand their ORB network. The use of bespoke malware, such as LONGLEASH, enables UAT-7810 to bypass security measures and maintain persistence on compromised devices1. The involvement of state-aligned actors like UAT-7810 in targeting Cisco devices signifies a shift in the threat model from traditional cybercrime to geopolitically motivated attacks. This development matters to cybersecurity practitioners because it requires a distinct approach to mitigating threats, one that accounts for the unique motivations and tactics of state-sponsored actors.
China-Linked UAT-7810 Expands ORB Network With New LONGLEASH Malware
⚠️ Critical Alert
Why This Matters
State-aligned activity involving Cisco shifts the threat model from criminal to geopolitical — different playbook required.
References
- The Hacker News. (2026, July 8). China-Linked UAT-7810 Expands ORB Network With New LONGLEASH Malware. *The Hacker News*. https://thehackernews.com/2026/07/china-linked-uat-7810-expands-orb.html
Original Source
The Hacker News
Read original →