LONGLEASH: The new hack expanding China's espionage network
The UAT-7810 group is using the LONGLEASH malware to compromise Ruckus routers and strengthen its global network of attack nodes.

The evolution of digital espionage: The LONGLEASH malware
The international cybersecurity landscape is facing a new threat. Recent investigations have identified a China-linked threat actor group, tracked as UAT-7810, which has developed a sophisticated piece of malware dubbed LONGLEASH. This malicious software has a clear goal: to expand the operational capacity of its Operational Relay Box (ORB) network.
The modus operandi: Exploiting outdated devices
The group's strategy focuses on exploiting internet-connected network devices. In particular, the attackers have targeted Ruckus routers, taking advantage of any vulnerability that has not been addressed with security patches. By compromising this equipment, the attackers not only gain access to the local network but also turn these devices into nodes for their command-and-control infrastructure.
"Using edge devices as relays allows attackers to hide their actual origin, significantly complicating forensic tracking by cybersecurity agencies," experts in the field point out.
A latent risk to critical infrastructure
This type of attack serves as a reminder that the security of a network depends on its weakest link. As seen in the case of Hack against universities: The vulnerability that exposes sensitive emails, network devices are often the most overlooked in maintenance plans. Unlike a ransomware attack, where the objective is immediate financial extortion, UAT-7810's ORB network seeks persistence and stealth for long-term espionage activities.
How to protect yourself against these threats
To mitigate the risk of being used as a node in a malicious network, it is imperative to follow these recommendations:
- Constant updating: Apply security patches immediately as soon as the manufacturer releases them.
- Network segmentation: Isolate critical infrastructure devices from end-user networks.
- Traffic monitoring: Implement intrusion detection systems that identify anomalous communication patterns to external servers.
In conclusion, the development of LONGLEASH underscores the professionalization of cyber-espionage groups. Security is not a static state, but a continuous process of vigilance and updating in a digital environment where any unprotected device is an open door for malicious actors.
Related articles
11 de julio de 2026
Condemna històrica: membre de la banda Ryuk ransomware admet la seva culpabilitat
Un ciutadà armeni es declara culpable als EUA pel desplegament de ransomware Ryuk, afrontant una possible sentència de 15 anys de presó.
11 de julio de 2026
Historic Conviction: Ryuk Ransomware Gang Member Admits Guilt
An Armenian national pleads guilty in the U.S. for deploying Ryuk ransomware and faces a potential 15-year prison sentence.
11 de julio de 2026
Condena histórica: miembro de la banda Ryuk ransomware admite su culpa
Un ciudadano armenio se declara culpable en EE. UU. por el despliegue de ransomware Ryuk, enfrentando una posible sentencia de 15 años de prisión.
10 de julio de 2026
Hackers exploten Microsoft Entra: Nova vulnerabilitat en passkeys
Un grup d'actors maliciosos utilitza enginyeria social per comprometre comptes de Microsoft 365 mitjançant falsos registres de passkeys a Entra.
Loading comments...