Close Menu

    Subscribe to Updates

    Get the latest Tech news from SynapseFlow

    What's Hot

    Amazfit Active 3 Premium review — Premium performance, just without the price

    July 9, 2026

    Upgrading your Blu-ray collection to 4K is expensive if you don’t know which discs to look for

    July 9, 2026

    12 Million Impacted by Data Breach at Japanese Telco KDDI

    July 9, 2026
    Facebook X (Twitter) Instagram
    • Homepage
    • About Us
    • Contact Us
    • Privacy Policy
    Facebook X (Twitter) Instagram YouTube
    synapseflow.co.uksynapseflow.co.uk
    • AI News & Updates
    • Cybersecurity
    • Future Tech
    • Reviews
    • Software & Apps
    • Tech Gadgets
    synapseflow.co.uksynapseflow.co.uk
    Home»Cybersecurity»China-Linked APT Expands Arsenal With New ‘Leash’ Backdoors
    China-Linked APT Expands Arsenal With New ‘Leash’ Backdoors
    Cybersecurity

    China-Linked APT Expands Arsenal With New ‘Leash’ Backdoors

    The Tech GuyBy The Tech GuyJuly 9, 2026No Comments3 Mins Read0 Views
    Share
    Facebook Twitter LinkedIn Pinterest Email
    Advertisement


    A China-linked advanced persistent threat (APT) actor building an operational relay box (ORB) network for espionage has been updating its arsenal with new backdoors, Cisco’s Talos researchers warn.

    Advertisement

    As part of a prolonged espionage infrastructure campaign tracked as LapDogs, the APT infected over 1,000 small office/home office (SOHO) routers with the ShortLeash backdoor, SecurityScorecard reported last year.

    Talos, which tracks the threat actor as UAT-7810, has discovered a newer version of the backdoor, dubbed LongLeash, as well as two other malware families the APT has been relying on, namely DogLeash and JarLeash.

    UAT-7810 mainly targets known vulnerabilities in Ruckus wireless routers, including CVE-2020-22653, CVE-2020-22658, and CVE-2023-25717, and was seen using payloads for multiple architectures, including MIPS, ARM, and x64.

    Talos identified three IP addresses associated with VPS instances that UAT-7810 uses to download payloads, as well as four new servers the APT has been using to host malicious payloads such as DogLeash and accompanying shell scripts.

    One of the IPs was also used in attacks targeting Asus AiCloud Routers, likely as part of the apparent ORB facilitation campaign dubbed Operation WrtHug that was publicly detailed in November 2025.

    Advertisement. Scroll to continue reading.

    UAT-7810, Talos says, provides infrastructure to another China-linked APT, namely UAT-5918. The groups’ tooling overlaps, but they are still tracked as separate groups.

    The recently identified LongLeash backdoor builds on the functionality previously observed in ShortLeash, such as command-and-control (C&C) communication, web server hosting, tunnel management, and the ability to act both as C&C and client, as well as additional capabilities.

    It was built largely on the same codebase, but also contains code from the Nanopb and MbedTLS open source libraries. The backdoor can function as an intermediate server, forwarding commands and data received from the C&C to other peers.

    DogLeash is a C-based passive backdoor deployed via a shell script that also adds iptables rules allowing TCP traffic to a port that DogLeash binds and listens to. Based on code received from the C&C, the backdoor can execute commands, read files, rename files, close the socket listener, retrieve OS information, and execute code in memory.

    JarLeash is a Java-based backdoor that provides UAT-7810 with easy access to compromised systems. It is used alongside a script that kills all other instances of the backdoor and then spawns the Java container to deploy the malware. The backdoor can also be deployed on the APT’s internal infrastructure.

    The backdoor can host a web-based file management interface and FTP and SFTP servers, and can run a netcat server on a provided IP and port number.

    UAT-7810 was also seen developing LeashTest, a binary that tests functionality on the MIPS platform, and which is not malicious on its own, but can be an indicator of compromise (IoC).

    “The development and use of LeashTest signifies that even though they have developed LongLeash, a full-fledged backdoor framework, UAT-7810 is still actively testing functionality on MIPS platforms and may not be completely confident of its behavior on MIPS devices,” Talos notes.

    Related: Chinese Framework Powers 200,000 Scam Sites

    Related: Chinese Hackers Target Medical, Military, and AI Research in North America

    Related: FBI Seizes 13 Websites That Officials Say Were Used by China to Target and Recruit US Workers

    Related: Five Eyes: Chinese Spies Target Government, Military Staff With Fake Job Opportunities

    Advertisement
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    The Tech Guy
    • Website

    Related Posts

    12 Million Impacted by Data Breach at Japanese Telco KDDI

    July 9, 2026

    Chrome 150 Update Patches 27 Vulnerabilities

    July 9, 2026

    Accenture Confirms Data Breach After Hacker Claims Source Code Theft

    July 8, 2026

    Webinar Today: Why Email Security Keeps Failing

    July 8, 2026

    Critical Adobe ColdFusion Vulnerability Exploited in Attacks

    July 8, 2026

    Critical Gitea Flaw Under Active Exploitation, Researchers Warn

    July 8, 2026
    Leave A Reply Cancel Reply

    Advertisement
    Top Posts

    You don’t need a NAS to self-host — I proved it with hardware from my closet

    June 7, 2026253 Views

    Spotify is giving one of its best playlists a big visual upgrade to give subscribers ‘a closer connection’ to its New Music Friday curators — and I think it could be the update it’s always needed

    June 12, 2026157 Views

    The iPad Air brand makes no sense – it needs a rethink

    October 12, 202516 Views
    Stay In Touch
    • Facebook
    • YouTube
    • TikTok
    • WhatsApp
    • Twitter
    • Instagram
    Advertisement
    About Us
    About Us

    SynapseFlow brings you the latest updates in Technology, AI, and Gadgets from innovations and reviews to future trends. Stay smart, stay updated with the tech world every day!

    Our Picks

    Amazfit Active 3 Premium review — Premium performance, just without the price

    July 9, 2026

    Upgrading your Blu-ray collection to 4K is expensive if you don’t know which discs to look for

    July 9, 2026

    12 Million Impacted by Data Breach at Japanese Telco KDDI

    July 9, 2026
    categories
    • AI News & Updates
    • Cybersecurity
    • Future Tech
    • Reviews
    • Software & Apps
    • Tech Gadgets
    Facebook X (Twitter) Instagram Pinterest YouTube Dribbble
    • Homepage
    • About Us
    • Contact Us
    • Privacy Policy
    © 2026 SynapseFlow All Rights Reserved.

    Type above and press Enter to search. Press Esc to cancel.

    Ad Blocker Enabled!
    Ad Blocker Enabled!
    Our website is made possible by displaying online advertisements to our visitors. Please support us by disabling your Ad Blocker.