Checking all the Boxes: LapDogs, The New ORB in Town
June 27, 2025, 8:07 a.m.
Description
SecurityScorecard's STRIKE team has uncovered a new China-Nexus Operational Relay Box (ORB) network called 'LapDogs', targeting primarily Linux-based SOHO devices globally. The network, active since September 2023, focuses on the United States and Southeast Asia, particularly Japan, South Korea, Hong Kong, and Taiwan. LapDogs employs a custom backdoor named 'ShortLeash', which establishes footholds on compromised devices and connects them within the network. Over 1,000 actively infected nodes have been identified, revealing geographical targeting patterns indicative of structured tasking. The research highlights the network's gradual growth, methodical operation, and distinct intrusion sets, setting it apart from opportunistic botnets. Victimology analysis reveals affected ISPs, hardware vendors, and organizations in IT, networking, real estate, and media sectors.
Tags
Date
- Created: June 26, 2025, 9:14 p.m.
- Published: June 26, 2025, 9:14 p.m.
- Modified: June 27, 2025, 8:07 a.m.
Indicators
- 9b954bfc2949d07eb41446225592eaa65ed3954cd2b93a13c574bb89147a4465
- 75618401b64046d970df49fcfdfcc36174b0aae27ac4e1c178dc75219992080a
- 33ff77940436498a50bbb05391324964063cd3c93f2e66b07d1cb31442bb1513
- 1a180186e6fbaf6fa88f934965290235e8418976d6f3546dbf100217d1752db4
- 073133298e5cca0833354be754f5d14358c0dbc24ba5f70e5b5eceec1d6726e6
- 02ab315e4e3cf71c1632c91d4914c21b9f6e0b9aa0263f2400d6381aab759a61
- 64.176.228.227
- 180.210.220.148
- 158.247.250.190
- 158.247.244.8
- 158.247.216.244
- 158.247.208.113
- 158.247.201.36
- 141.164.63.253
- 141.164.51.99
- 141.164.50.206
- 141.164.44.183
- 103.135.248.52
- 119.31.186.253
- 103.131.189.36
- 103.117.100.77
- 103.131.189.2
- 103.117.100.117
- 103.106.230.31
- 103.117.100.79
- northumbra.com
Additional Informations
- Real Estate
- Technology
- Media
- Telecommunications
- Government
- Hong Kong
- Taiwan
- Japan
- United States of America