
Checking all the Boxes: LapDogs, The New ORB in Town

NetmanageIT OpenCTI - opencti.netmanageit.com


SUMMARY:

SecurityScorecard's STRIKE team has uncovered a new China-Nexus Operational Relay Box (ORB) network called 'LapDogs', which primarily targets Linux-based SOHO devices globally. The network, active since September 2023, focuses on the United States and Southeast Asia, particularly Japan, South Korea, Hong Kong, and Taiwan. LapDogs employs a custom backdoor named 'ShortLeash', which establishes footholds on compromised devices and connects them within the network. Over 1,000 actively infected nodes have been identified, revealing geographical targeting patterns indicative of structured tasking. The research highlights the network's gradual growth, methodical operation, and distinct intrusion sets, setting it apart from opportunistic botnets. Victimology analysis reveals affected ISPs, hardware vendors, and organizations in IT, networking, real estate, and media sectors.

OPENCTI LABELS:

orb, tls certificates, southeast asia, shortleash, soho devices, cve-2017-17663



