SyncWave Blog
Cybersecurity 2 min read 71

LONGLEASH: The new hack expanding China's espionage network

The UAT-7810 group is using the LONGLEASH malware to compromise Ruckus routers and strengthen its global network of attack nodes.

cyber security network

The evolution of digital espionage: The LONGLEASH malware

The international cybersecurity landscape is facing a new threat. Recent investigations have identified a China-linked threat actor group, tracked as UAT-7810, which has developed a sophisticated piece of malware dubbed LONGLEASH. This malicious software has a clear goal: to expand the operational capacity of its Operational Relay Box (ORB) network.

The modus operandi: Exploiting outdated devices

The group's strategy focuses on exploiting internet-connected network devices. In particular, the attackers have targeted Ruckus routers, taking advantage of any vulnerability that has not been addressed with security patches. By compromising this equipment, the attackers not only gain access to the local network but also turn these devices into nodes for their command-and-control infrastructure.

"Using edge devices as relays allows attackers to hide their actual origin, significantly complicating forensic tracking by cybersecurity agencies," experts in the field point out.

A latent risk to critical infrastructure

This type of attack serves as a reminder that the security of a network depends on its weakest link. As seen in the case of Hack against universities: The vulnerability that exposes sensitive emails, network devices are often the most overlooked in maintenance plans. Unlike a ransomware attack, where the objective is immediate financial extortion, UAT-7810's ORB network seeks persistence and stealth for long-term espionage activities.

How to protect yourself against these threats

To mitigate the risk of being used as a node in a malicious network, it is imperative to follow these recommendations:

  1. Constant updating: Apply security patches immediately as soon as the manufacturer releases them.
  2. Network segmentation: Isolate critical infrastructure devices from end-user networks.
  3. Traffic monitoring: Implement intrusion detection systems that identify anomalous communication patterns to external servers.

In conclusion, the development of LONGLEASH underscores the professionalization of cyber-espionage groups. Security is not a static state, but a continuous process of vigilance and updating in a digital environment where any unprotected device is an open door for malicious actors.

Share:

Comments

Loading comments...

Contact

Want to get in touch?

Questions, suggestions or proposals — write to us and we will respond.