Unmasking A New China-Linked Covert ORB Network: Inside the LapDogs Campaign
securityscorecard.com
SecurityScorecard’s STRIKE team uncovered a new China-Nexus ORB Network targeting the United States and Southeast Asia. Read the report to gain an in-depth look at the LapDogs ORB network, its custom malware, and its role in cyberespionage.

cross-posted from: https://lemmy.sdf.org/post/37319322

Archived

Full report (pdf)

Key Takeaways:

  • Over 1,000 actively infected nodes
  • Targets are highly localized in the United States and Southeast Asia, particularly Japan, South Korea, Hong Kong, and Taiwan
  • Victims in real estate, IT, networking, media and more
  • LapDogs leverages a custom backdoor named “ShortLeash,” which establishes a foothold on compromised devices and enables the hackers to act covertly
  • Small Office/Home Office (SOHO) devices are mainly targeted
  • Campaign growth is deliberate, beginning September 2023 and expanding with methodical tasking
  • LapDogs shares commonalities with some prolific China-Nexus ORB networks, most notably PolarEdge, while conclusively standing out as an independent ORB