Chinese “LapDogs” ORB Network Targets US and Asia

China-nexus actors are using a network of Operational Relay Boxes (ORBs) including compromised connected devices to target victims in the US and Asia with a cyber-espionage campaign, SecurityScorecard has warned.

The security vendor claimed that the “LapDogs” botnet already comprises 1000+ small office/home office (SOHO) devices, such as routers and IoT endpoints, around the world. These are typically combined with virtual private servers (VPSs) to create ORB networks for obfuscation and plausible deniability, it said.

In this campaign, the threat actors are using a custom backdoor, “ShortLeash,” which maintains persistence on an infected device and connects it to an ORB network. ShortLeash apparently generates TLS certificates spoofed as being signed by the LA Police Department (LAPD) to throw investigators off the scent.
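One defensive angle on the certificate trick described above is to hunt TLS logs for server certificates that are self-signed yet carry an issuer naming a law-enforcement agency. The following Python is an added example, not code from SecurityScorecard or from the article: it assumes Zeek-style ssl.log field names (`subject`, `issuer`, `validation_status`, `id.resp_h`, `id.resp_p`), the log lines are constructed, and the issuer keywords are an assumed starting list rather than indicators published by the vendor.

```python
"""Hunt TLS logs for self-signed certificates with an implausible issuer.

Added example (not the article's or SecurityScorecard's code). It scans
Zeek-style ssl.log records, constructed below with made-up values, and flags
certificates that are self-signed but whose issuer names a police agency,
the pattern the article attributes to the ShortLeash backdoor.
"""
import csv
import io

# Constructed sample log; field names follow Zeek's ssl.log, values are invented.
SAMPLE_SSL_LOG = """\
ts\tid.orig_h\tid.resp_h\tid.resp_p\tsubject\tissuer\tvalidation_status
1718000001.1\t10.0.0.5\t203.0.113.10\t443\tCN=www.example.org,O=Example\tCN=R3,O=Let's Encrypt\tok
1718000002.2\t10.0.0.7\t198.51.100.23\t8443\tCN=LAPD,O=Los Angeles Police Department\tCN=LAPD,O=Los Angeles Police Department\tself signed certificate
1718000003.3\t10.0.0.9\t192.0.2.44\t443\tCN=router.local,O=Example\tCN=router.local,O=Example\tself signed certificate
"""

# Assumed keyword list for issuers a SOHO device would never legitimately present.
SUSPICIOUS_ISSUER_TERMS = ("police", "lapd")


def parse_dn(dn):
    """Parse a distinguished name like 'CN=x,O=y' into a dict with lower-cased keys."""
    fields = {}
    for part in dn.split(","):
        if "=" in part:
            key, value = part.split("=", 1)
            fields[key.strip().lower()] = value.strip()
    return fields


def is_self_signed(rec):
    """A certificate is self-signed when issuer equals subject or Zeek says so."""
    return rec["subject"] == rec["issuer"] or "self signed" in rec["validation_status"]


def has_suspicious_issuer(rec):
    """True when the issuer DN contains any of the assumed keywords."""
    issuer = rec["issuer"].lower()
    return any(term in issuer for term in SUSPICIOUS_ISSUER_TERMS)


def find_spoofed_certs(log_text):
    """Return one finding per session that is both self-signed and suspiciously issued."""
    reader = csv.DictReader(io.StringIO(log_text), delimiter="\t")
    findings = []
    for rec in reader:
        if is_self_signed(rec) and has_suspicious_issuer(rec):
            findings.append({
                "ts": rec["ts"],
                "server": rec["id.resp_h"],
                "port": int(rec["id.resp_p"]),
                "issuer_org": parse_dn(rec["issuer"]).get("o", ""),
            })
    return findings


if __name__ == "__main__":
    for hit in find_spoofed_certs(SAMPLE_SSL_LOG):
        print(f"{hit['ts']} {hit['server']}:{hit['port']} issuer O={hit['issuer_org']!r}")
```

The ordinary self-signed router certificate in the sample is deliberately not flagged: self-signed certificates are common on SOHO gear, so the useful signal is the combination of self-signing with an issuer that no consumer device would legitimately present. Extend the keyword list from your own telemetry rather than treating the two assumed terms as complete.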

To read the complete article see: InfoSecurity Magazine

This post is licensed under CC BY 4.0 by the author.