Close Menu
  • Home
  • Cybercrime and Ransomware
  • Emerging Tech
  • Threat Intelligence
  • Expert Insights
  • Careers and Learning
  • Compliance

Subscribe to Updates

Subscribe to our newsletter and never miss our latest news

Subscribe my Newsletter for New Posts & tips Let's stay updated!

What's Hot

China-Nexus HackersUse Ruckus Routers to Build Evil Relay Networks

July 8, 2026

My Stack Simulator exploited for malicious code execution.

July 8, 2026

CISA Adds Adobe, Joomla, Langflow Flaws to KEV

July 8, 2026
Facebook X (Twitter) Instagram
The CISO Brief
  • Home
  • Cybercrime and Ransomware
  • Emerging Tech
  • Threat Intelligence
  • Expert Insights
  • Careers and Learning
  • Compliance
Home » China-Nexus HackersUse Ruckus Routers to Build Evil Relay Networks
Cybercrime and Ransomware

China-Nexus HackersUse Ruckus Routers to Build Evil Relay Networks

Staff WriterBy Staff WriterJuly 8, 2026No Comments4 Mins Read1 Views
Facebook Twitter Pinterest LinkedIn Tumblr Email
Share
Facebook Twitter LinkedIn Pinterest WhatsApp Email

Summary Points

  1. UAT-7810, a China-linked hacking group, exploits outdated Ruckus routers to build and expand a global network of hijacked devices (Operational Relay Box network) that conceals cyberattack origins.
  2. The group uses custom malware, including the upgraded LONGLEASH backdoor, which manages encrypted tunnels and disguises traffic as normal web browsing to facilitate long-term stealthy operation.
  3. Known vulnerabilities in unpatched Ruckus routers are the primary entry point, with the attackers also targeting other devices like ASUS AiCloud, aiming to broaden their relay infrastructure.
  4. Regular firmware updates, network segmentation, and traffic monitoring are critical defenses to prevent and detect these persistent, clandestine device hijackings.

Problem Explained

UAT-7810, a China-linked hacking group, has been expanding its global network by exploiting vulnerabilities in outdated Ruckus wireless routers. They utilize these compromised devices to create an “Operational Relay Box” (ORB) network, which masks the origin of cyberattacks by routing malicious traffic through legitimate home and business routers. This tactic, known as the LapDogs network, has grown since its detection in 2025, with UAT-7810 mainly responsible for building and maintaining it. Researchers from Cisco Talos report that the group relies heavily on unpatched routers to deploy sophisticated custom malware, such as the LONGLEASH backdoor, which acts as a proxy and command center for infected devices.

The group’s activities highlight a concerning pattern of long-term, stealthy access that makes attribution difficult. Their malware tools, including DOGLEASH and JARLEASH, are designed for persistent control over infected devices, which can remain undetected for months. The attack’s success stems from exploiting known vulnerabilities in outdated firmware; therefore, updating router security and hardware replacement are essential preventive measures. UAT-7810’s expansion beyond routers to target devices like ASUS AiCloud demonstrates their intent to grow this relay infrastructure further. These reports, shared by security analysts, serve to inform organizations and individuals about the importance of strengthening defenses against such covert and sustained cyber threats.

Risk Summary

The issue of “China-Nexus Hackers Exploit Ruckus Routers to Build Operational Relay Box Networks” can threaten any business’s security by allowing cybercriminals to hijack network devices. When hackers penetrate Ruckus routers, they often set up hidden relay boxes that can reroute sensitive data or launch attacks. Consequently, your business might face data breaches, theft of valuable information, or even network shutdowns, disrupting daily operations. Moreover, such breaches can damage your reputation, lead to legal penalties, and incur heavy recovery costs. Therefore, without proper security measures, your business becomes vulnerable, and the fallout can be both immediate and long-lasting. In essence, this type of cyber threat underscores the importance of robust cybersecurity practices for every organization.

Possible Action Plan

In the rapidly evolving landscape of cyber threats, prompt remediation of vulnerabilities is critical to prevent widespread damage, especially when sophisticated threat actors like China-Nexus Hackers exploit specific vulnerabilities in network equipment such as Ruckus routers to establish extensive relay networks. Addressing these threats swiftly can significantly reduce potential disruptions, data breaches, and long-term security risks.

Detection and Monitoring
Implement continuous network monitoring for unusual traffic patterns and unauthorized device connections. Utilize intrusion detection systems to flag suspicious activities related to router behavior.

Firmware Updates
Promptly apply the latest firmware patches released by Ruckus Networks to close known security gaps and prevent exploitation of existing vulnerabilities.

Access Controls
Enforce strict access controls by disabling remote management features, changing default passwords, and employing strong, unique credentials. Limit administrative access to essential personnel only.

Network Segmentation
Segment the network to isolate critical systems from less secure or public-facing devices, reducing the attack surface and containing potential breaches.

Vulnerability Assessments
Conduct regular vulnerability scans and penetration testing focused on router security to identify and remediate weaknesses proactively.

Incident Response
Develop and update incident response plans tailored to router compromise scenarios, ensuring rapid containment and recovery in case of an attack.

Vendor Collaboration
Maintain active communication with Ruckus and cybersecurity authorities to stay informed about emerging threats and recommended best practices.

User Education
Train personnel on recognizing suspicious activity and adhering to security policies related to network device management to reduce human error-related weaknesses.

Stay Ahead in Cybersecurity

Explore career growth and education via Careers & Learning, or dive into Compliance essentials.

Access world-class cyber research and guidance from IEEE.

Disclaimer: The information provided may not always be accurate or up to date. Please do your own research, as the cybersecurity landscape evolves rapidly. Intended for secondary references purposes only.

Cyberattacks-V1

CISO Update cyber risk cybercrime Cybersecurity MX1 risk management
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticleMy Stack Simulator exploited for malicious code execution.
Avatar photo
Staff Writer
  • Website

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Related Posts

My Stack Simulator exploited for malicious code execution.

July 8, 2026

CISA Adds Adobe, Joomla, Langflow Flaws to KEV

July 8, 2026

Google Cloud links Wiz data to threat actors and attack techniques

July 8, 2026

Comments are closed.

Latest Posts

China-Nexus HackersUse Ruckus Routers to Build Evil Relay Networks

July 8, 2026

Accenture Data Breach: Hackers Claim to Have Stolen 35 GB of Source Code

July 8, 2026

Hidden Threats: RDP and WinRAR Exploit Target Ukraine

July 7, 2026

Disrupting Ransomware: How VECT and TeamPCP Counter Supply Chain Credential Theft

July 7, 2026
Don't Miss

My Stack Simulator exploited for malicious code execution.

By Staff WriterJuly 8, 2026

Fast Facts Overwritten or excessively large stack regions become prime targets for attackers to hijack…

CISA Adds Adobe, Joomla, Langflow Flaws to KEV

July 8, 2026

Google Cloud links Wiz data to threat actors and attack techniques

July 8, 2026

Subscribe to Updates

Subscribe to our newsletter and never miss our latest news

Subscribe my Newsletter for New Posts & tips Let's stay updated!

Recent Posts

  • China-Nexus HackersUse Ruckus Routers to Build Evil Relay Networks
  • My Stack Simulator exploited for malicious code execution.
  • CISA Adds Adobe, Joomla, Langflow Flaws to KEV
  • Google Cloud links Wiz data to threat actors and attack techniques
  • Accenture Data Breach: Hackers Claim to Have Stolen 35 GB of Source Code
About Us
About Us

Welcome to The CISO Brief, your trusted source for the latest news, expert insights, and developments in the cybersecurity world.

In today’s rapidly evolving digital landscape, staying informed about cyber threats, innovations, and industry trends is critical for professionals and organizations alike. At The CISO Brief, we are committed to providing timely, accurate, and insightful content that helps security leaders navigate the complexities of cybersecurity.

Facebook X (Twitter) Pinterest YouTube WhatsApp
Our Picks

China-Nexus HackersUse Ruckus Routers to Build Evil Relay Networks

July 8, 2026

My Stack Simulator exploited for malicious code execution.

July 8, 2026

CISA Adds Adobe, Joomla, Langflow Flaws to KEV

July 8, 2026
Most Popular

Protecting MCP Security: Defeating Prompt Injection & Tool Poisoning

January 30, 202634 Views

Unlock the Power of Free WormGPT: Harnessing DeepSeek, Gemini, and Kimi-K2 AI Models

November 27, 202530 Views

The New Face of DDoS is Impacted by AI

August 4, 202528 Views

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025

Categories

  • Compliance
  • Cyber Updates
  • Cybercrime and Ransomware
  • Editor's pick
  • Emerging Tech
  • Events
  • Featured
  • Insights
  • Most Read
  • Threat Intelligence
  • Uncategorized
© 2026 thecisobrief. Designed by thecisobrief.
  • Home
  • About Us
  • Advertise with Us
  • Contact Us
  • DMCA
  • Privacy Policy
  • Terms & Conditions

Type above and press Enter to search. Press Esc to cancel.