A China-linked threat actor, known as UAT-7810, has been observed enhancing its custom malware to infiltrate internet-exposed networking devices, thereby expanding its Operational Relay Box (ORB) network. This APT actor is responsible for maintaining the LapDogs ORB network, which was first identified in June 2025. The threat actor's tactics involve exploiting vulnerabilities in networking devices to establish a foothold, allowing them to expand their ORB network. The use of bespoke malware, such as LONGLEASH, enables UAT-7810 to bypass security measures and maintain persistence on compromised devices1. The involvement of state-aligned actors like UAT-7810 in targeting Cisco devices signifies a shift in the threat model from traditional cybercrime to geopolitically motivated attacks. This development matters to cybersecurity practitioners because it requires a distinct approach to mitigating threats, one that accounts for the unique motivations and tactics of state-sponsored actors.