UAT-7810 continues building ORB networks using new malware
ID: b0f8bea8-b141-5bfe-8ed1-cd665fd8a800
STIX ID: report--b0f8bea8-b141-5bfe-8ed1-cd665fd8a800
Feed Name: Cisco Talos
Cisco Talos reports that UAT-7810, a China-nexus APT operating an Operational Relay Box (ORB) network, continues active development and deployment of multi-architecture malware—LONGLEASH (updated SHORTLEASH), DOGLEASH (C-based backdoor), JARLEASH (Java admin backdoor), and a MIPS test binary LEASHTEST—while exploiting known vulnerabilities in networking devices (including CVE-2025-2492) to expand its infrastructure; Talos provides infrastructure indicators (multiple IPs, TLS fingerprint) and numerous malware hashes for detection and mitigation.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
