Ethical Hacking News
LapDogs: The Sophisticated China-Nexus Hacktivist Campaign Hijacking Millions of SOHO Devices for Espionage
In a recent revelation, researchers have uncovered a complex China-linked hacking campaign dubbed LapDogs, which has hijacked over 1,000 small office/home office devices to form an Operational Relay Box network for long-term cyber espionage. The campaign is notable for its strategic focus and careful planning, demonstrating the ability of Chinese threat actors to leverage ORB networks for covert intrusion campaigns. Security teams should be on high alert that China-Nexus threat actors are disrupting traditional playbooks for IOC tracking, response, and remediation.
The LapDogs campaign is a sophisticated China-linked hacking operation that has hijacked over 1,000 small office/home office (SOHO) devices. The operation uses an Operational Relay Box (ORB) network to support long-term cyber espionage. The targeting is strategic, with regions such as Japan and Taiwan targeted in different waves, and a focus on Southeast Asia and the United States. The hackers have employed tactics including exploiting Open VSX Registry flaws and deploying malware samples such as the Linux-based ShortLeash backdoor. The campaign is notable for its use of an ORB network, which can be used to support long-term spying operations. The LapDogs campaign demonstrates a surging interest from China-Nexus threat actors in using ORB networks for covert intrusion campaigns.
In a recent revelation that has sent shockwaves through the cybersecurity community, researchers at SecurityScorecard's STRIKE team have uncovered a complex and sophisticated China-linked hacking campaign dubbed LapDogs. This highly organized operation has managed to hijack over 1,000 small office/home office (SOHO) devices, forming an Operational Relay Box (ORB) network that is being used for long-term cyber espionage. The campaign, which is believed to be linked to the notorious China-nexus hacking groups, is notable for its strategic focus and careful planning.
The LapDogs campaign has been identified as a novel and prolonged espionage infrastructure, which demonstrates the ability of Chinese threat actors to leverage ORB networks for covert intrusion campaigns. The researchers have found that the campaign targets regions such as Japan and Taiwan in different waves, with a clear emphasis on Southeast Asia and the United States. The targeting is not random, but rather strategic, with many intrusion sets centered around specific locations.
The hackers have employed a range of tactics to compromise the devices, including exploiting Open VSX Registry flaws. This has allowed them to gain access to millions of developers' devices, which are often equipped with outdated web servers and other security weaknesses. The attackers have also used malware samples, including the Linux-based ShortLeash backdoor, to maintain persistence on compromised systems.
One of the most striking aspects of the LapDogs campaign is its use of an Operational Relay Box (ORB) network. This is a novel approach that involves using multiple compromised devices to form a hidden network, which can be used to support long-term spying operations. The researchers have found that many devices in the ORB network are vulnerable to known flaws, such as CVE-2015-1548 and CVE-2017-17663, linked to outdated mini_httpd servers.
The campaign has also been notable for its use of Mandarin-language text in its startup script, which suggests a clear connection to China-based espionage. Furthermore, the researchers have found that many devices in the ORB network are vulnerable to known exploits, including those affecting the GoAhead embedded web server and outdated Dropbear SSH builds.
The LapDogs campaign is just the latest example of the growing sophistication of Chinese threat actors' tactics, techniques, and procedures (TTPs). As researchers note, this campaign demonstrates a surging interest from China-Nexus threat actors in using ORB networks to conduct covert intrusion campaigns both around the globe and tailored to specific victims of interest. With an increasing interest in this approach, security teams should be on high alert that China-Nexus threat actors are disrupting traditional playbooks for IOC tracking, response, and remediation.
In conclusion, the LapDogs campaign is a significant example of the evolving nature of cyber espionage and the growing sophistication of Chinese threat actors' tactics. As the cybersecurity landscape continues to evolve, it is essential for security teams to stay vigilant and adapt their defenses to address the latest threats.
Related Information:
https://www.ethicalhackingnews.com/articles/LapDogs-The-Sophisticated-China-Nexus-Hacktivist-Campaign-Hijacking-Millions-of-SOHO-Devices-for-Espionage-ehn.shtml
https://securityaffairs.com/179406/malware/lapdogs-china-nexus-hackers-hijack-1000-soho-devices-for-espionage.html
https://nvd.nist.gov/vuln/detail/CVE-2015-1548
https://www.cvedetails.com/cve/CVE-2015-1548/
https://nvd.nist.gov/vuln/detail/CVE-2017-17663
https://www.cvedetails.com/cve/CVE-2017-17663/
Published: Sat Jun 28 09:45:21 2025 by llama3.2 3B Q4_K_M