Widespread Chinese cyberespionage campaign powered by ORB network
At least 1,000 IoT devices, end-of-life routers, virtual servers, and other internet-exposed devices have been enlisted in the LapDogs Operational Relay Box network by Chinese hackers to facilitate global cyberespionage activities since September 2023, reports The Register.
Most organizations impacted by the ORB network were in the U.S., followed by Japan, South Korea, Taiwan, and Hong Kong, according to a SecurityScorecard Strike analysis. Ruckus Wireless access points accounted for nearly 55% of the affected devices. Attackers exploited device vulnerabilities to deliver the ShortLeash backdoor, which generates a TLS certificate purporting to be signed by the Los Angeles Police Department as it builds out the LapDogs ORB network, and then executes a malicious payload. The payload's purpose still requires further analysis, but the intrusion is suspected to be the work of China's Typhoon hacking operations. "These essentially are the [tactics, techniques, and procedures] associated with those type of actors, especially when it comes to operational relay boxes and then using them as a covert transfer network," said SecurityScorecard Field Chief Threat Intelligence Officer Ryan Sherstobitoff.
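The certificate described above is the kind of artifact a defender can hunt for across an estate of internet-exposed devices: an issuer name that no device should ever present. The script below is an added example, not code from the article or from SecurityScorecard. It uses only the Python standard library: a small DER encoder builds two constructed sample certificates (placeholder keys, no real signatures), and a small DER walker extracts the issuer and subject names from any DER-encoded X.509 certificate so the same check can run on certificates gathered from a scan. The watchlist string and the self-signed sample are assumptions modelled on the article's description; the exact issuer fields ShortLeash uses are not given on the page.

```python
"""Flag TLS certificates whose issuer claims an organisation on a watchlist."""

OID_CN = "2.5.4.3"
OID_O = "2.5.4.10"

# Assumption: the article says the certificate purports to be signed by the
# Los Angeles Police Department; the literal string in the real certificate is unknown.
ISSUER_WATCHLIST = ("los angeles police department",)


# --- minimal DER encoding, only what the constructed samples need --------------
def der_len(n):
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw

def tlv(tag, body):
    return bytes([tag]) + der_len(len(body)) + body

def seq(*items):
    return tlv(0x30, b"".join(items))

def oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        a >>= 7
        while a:
            chunk.append(0x80 | (a & 0x7F))
            a >>= 7
        body += bytes(reversed(chunk))
    return tlv(0x06, bytes(body))

def name(attrs):
    # X.501 Name: SEQUENCE of RDN SETs, each holding one AttributeTypeAndValue.
    return seq(*[tlv(0x31, seq(oid(o), tlv(0x0C, v.encode()))) for o, v in attrs])

def build_cert(issuer_attrs, subject_attrs):
    # Structurally valid X.509 v3 certificate with placeholder key and signature.
    sig_alg = seq(oid("1.2.840.113549.1.1.11"), tlv(0x05, b""))  # sha256WithRSAEncryption
    key_alg = seq(oid("1.2.840.113549.1.1.1"), tlv(0x05, b""))   # rsaEncryption
    tbs = seq(
        tlv(0xA0, tlv(0x02, b"\x02")),                               # [0] version v3
        tlv(0x02, b"\x01"),                                          # serialNumber
        sig_alg,
        name(issuer_attrs),
        seq(tlv(0x17, b"230901000000Z"), tlv(0x17, b"260901000000Z")),  # validity
        name(subject_attrs),
        seq(key_alg, tlv(0x03, b"\x00" * 9)),                        # placeholder SPKI
    )
    return seq(tbs, sig_alg, tlv(0x03, b"\x00" * 9))                 # placeholder signature


# --- minimal DER decoding, enough to reach the two Name fields -----------------
def read_tlv(buf, pos):
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def children(body):
    out, pos = [], 0
    while pos < len(body):
        tag, val, pos = read_tlv(body, pos)
        out.append((tag, val))
    return out

def decode_oid(b):
    arcs, val = [b[0] // 40, b[0] % 40], 0
    for x in b[1:]:
        val = (val << 7) | (x & 0x7F)
        if not x & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def parse_name(name_body):
    attrs = {}
    for _, rdn in children(name_body):
        for _, atv in children(rdn):
            (_, type_bytes), (_, value_bytes) = children(atv)
            attrs[decode_oid(type_bytes)] = value_bytes.decode("utf-8", "replace")
    return attrs

def issuer_and_subject(cert_der):
    _, cert_body, _ = read_tlv(cert_der, 0)
    fields = children(children(cert_body)[0][1])   # tbsCertificate fields
    i = 1 if fields[0][0] == 0xA0 else 0           # skip the optional [0] version
    return parse_name(fields[i + 2][1]), parse_name(fields[i + 4][1])


def suspicious_issuer(cert_der, watchlist=ISSUER_WATCHLIST):
    """Return the reasons a certificate deserves a second look (empty list if none)."""
    issuer, subject = issuer_and_subject(cert_der)
    reasons = []
    org = issuer.get(OID_O, "")
    if any(w in org.lower() for w in watchlist):
        reasons.append(f"issuer organisation '{org}' is on the watchlist")
    if issuer == subject:
        reasons.append("self-signed: issuer equals subject")
    return reasons


# Constructed samples: one modelled on the article's description, one ordinary device cert.
SAMPLE_SUSPECT = build_cert(
    [(OID_O, "Los Angeles Police Department")],   # assumed issuer string, self-signed
    [(OID_O, "Los Angeles Police Department")],
)
SAMPLE_BENIGN = build_cert(
    [(OID_O, "Example Corp"), (OID_CN, "Example Corp Device CA")],
    [(OID_O, "Example Corp"), (OID_CN, "ap01.example.internal")],
)

if __name__ == "__main__":
    for label, cert in (("suspect", SAMPLE_SUSPECT), ("benign", SAMPLE_BENIGN)):
        print(label, suspicious_issuer(cert) or "no findings")
```

On a live fleet the same `suspicious_issuer` check takes the DER bytes returned by `ssl.SSLSocket.getpeercert(binary_form=True)` for each device, so an inventory scan can flag any access point or router presenting an issuer that belongs on no one's approved CA list.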
