Unmasking A New China-Linked Covert ORB Network: Inside the LapDogs Campaign
ID: fb45c8ec-b4dc-5457-a872-54beb572f577
STIX ID: report--fb45c8ec-b4dc-5457-a872-54beb572f577
Feed Name: SecurityScorecard Blog
SecurityScorecard’s STRIKE team uncovered a previously unreported China-linked ORB network dubbed "LapDogs". The network uses a custom backdoor called ShortLeash to build an extensive covert espionage infrastructure of over 1,000 active nodes across the U.S. and Southeast Asia. The campaign targets SOHO devices, uses self-signed TLS certificates labeled "LAPD" for obfuscation, has operated in methodical regional waves since at least September 2023, and is assessed to have been used by APT UAT-5918.
