bulwarkblack.com • 2h
UAT-7810: Longleash Malware and Operational Relay Box ORB Infrastructure
China-nexus threat actor UAT-7810 is deploying a decentralized Operational Relay Box (ORB) infrastructure by compromising edge devices, including routers and firewalls, to obfuscate Command and Control (C2) traffic. Utilizing the "Longleash" malware, the actor achieves persistence within embedded firmware to route malicious egress through legitimate residential and corporate IP spaces. This architecture bypasses geolocation filters and IP reputation-based detection systems. Primary targets include government contractors and SMBs. Detection requires monitoring for non-standard tunneling protocols and anomalous outbound traffic originating from perimeter hardware, focusing on firmware integrity and egress filtering.
Links:bulwarkblack.com, bleepingcomputer.com, Thehackernews, Reddit, Gbhackers, Radar •