China-Linked APT Expands Arsenal With New ‘Leash’ Backdoors

Cybersecurity researchers have identified an expansion in the arsenal of a China-linked advanced persistent threat (APT) group, known for its operations under the name LapDogs. This threat actor has reportedly introduced new malware components, specifically focusing on compromising small office/home office (SOHO) routers. The newly identified backdoors have been named LongLeash, DogLeash, and JarLeash.
These additions signify a growing sophistication and a broadening attack vector for the LapDogs group. The focus on SOHO routers suggests an intent to gain persistent access into networks that may serve as entry points for larger corporate infrastructures or provide access to sensitive data.
The deployment of these new backdoors indicates a continuous effort by the APT to refine its tools and evade detection. The specific functionalities and exploitation methods of LongLeash, DogLeash, and JarLeash are likely being analyzed by security firms to understand the full scope of the threat.
While the exact motivations behind the LapDogs campaign remain under investigation, APT groups often engage in espionage, intellectual property theft, or disruptive cyber activities. The targeting of SOHO routers could be a strategic move to establish a foothold within organizations or to leverage these devices for further network pivoting.
Further details regarding the technical capabilities of these new backdoors and the specific vulnerabilities they exploit are expected to be released as the investigation progresses. This development underscores the persistent threat posed by nation-state-backed actors and the importance of securing network infrastructure, including edge devices like SOHO routers.





