UAT-7810: Longleash Malware and Operational Relay Box ORB Infrastructure
China-nexus threat actor UAT-7810 is deploying a decentralized Operational Relay Box (ORB) infrastructure by compromising edge devices, including routers and firewalls, to obfuscate Command and Control (C2) traffic. Utilizing the "Longleash" malware, the actor achieves persistence within embedded firmware to route malicious egress through legitimate residential and corporate IP spaces. This architecture bypasses geolocation filters and IP reputation-based detection systems. Primary targets include government contractors and SMBs. Detection requires monitoring for non-standard tunneling protocols and anomalous outbound traffic originating from perimeter hardware, focusing on firmware integrity and egress filtering.
Underminr: Bypassing Security Filters via Cloudflare, Akamai, AWS CloudFront, and Fastly CDN Infrastructure
Underminr is a systemic architectural vulnerability across the world's largest Content Delivery Network (CDN) providers that enables threat actors to encapsulate malicious Command and Control (C2) traffic within trusted infrastructure. By exploiting the shared reputation of CDN edge nodes, attackers can effectively bypass domain-based filtering and IP blacklisting, rendering traditional perimeter defenses obsolete.