China-backed "LapDogs" hackers hijacked hundreds of devices in an outlandish intel campaign aimed at US and Asian targets
Date:
Sun, 29 Jun 2025 09:23:00 +0000
Description:
LapDogs is a China-linked espionage operation exploiting SOHO devices to gain stealthy access across the US and Asia, using spoofed credentials and persistent malware.
FULL STORY
A recently disclosed cyber espionage operation, dubbed LapDogs, has drawn scrutiny following revelations from SecurityScorecards Strike Team.
The operation, believed to be conducted by China-aligned threat actors, has quietly infiltrated over 1,000 devices across the United States, Japan, South Korea, Taiwan, and Hong Kong.
What makes this campaign distinctive is its use of hijacked SOHO routers and IoT hardware, transforming them into Operational Relay Boxes (ORBs) for sustained surveillance.
Stealth, persistence, and false identities
LapDogs is an ongoing campaign, active since September 2023, targeting real estate, media, municipal, and IT sectors.
Devices from known vendors such as Buffalo Technology and Ruckus Wireless
have reportedly been compromised.
The attackers use a custom backdoor named ShortLeash, which grants extensive privileges and stealth, allowing them to blend in with legitimate traffic.
According to the report, once a device is infected, it may go undetected for months, and in worst-case scenarios, some are used as gateways to infiltrate internal networks.
Unlike typical botnets that prioritize disruption or spam, LapDogs reveals a more surgical approach.
LapDogs reflects a strategic shift in how cyber threat actors are leveraging distributed, low-visibility devices to gain persistent access, said Ryan Sherstobitoff, Chief Threat Intelligence Officer at SecurityScorecard.
These arent opportunistic smash-and-grab attacksthese are deliberate, geo-targeted campaigns that erode the value of traditional IOCs (Indicators
of Compromise).
With 162 distinct intrusion sets already mapped, the structure of the
operation suggests clear intent and segmentation.
What is especially unsettling is the spoofing of legitimate security credentials.
The malware fabricates TLS certificates appearing to be signed by the Los Angeles Police Department.
This forgery, combined with geolocation-aware certificate issuance and
assigned ports, makes it extremely difficult for conventional detection
systems to flag malicious behavior.
Even the best endpoint protection tools would be challenged in spotting such well-disguised intrusions, especially when activity is routed through compromised home routers rather than enterprise assets.
SecurityScorecard compares LapDogs with PolarEdge, another China-linked ORB system, but emphasizes that the two are distinct in infrastructure and execution.
The broader concern raised is the expanding vulnerability landscape. As businesses rely more on decentralized devices and fail to update embedded firmware, the risk of persistent espionage increases.
The report calls on network defenders and ISPs to review devices across their supply chains.
SecurityScorecard compares LapDogs with PolarEdge, another China-linked ORB system, but emphasizes that the two are distinct in infrastructure and execution.
The broader concern raised is the expanding vulnerability landscape. As businesses rely more on decentralized devices and fail to update embedded firmware, the risk of persistent espionage increases.
The report calls on network defenders and ISPs to review devices across their supply chains.
This means there is a need to reconsider reactive solutions and focus on more proactive infrastructure-level measures, such as the best FWAAS and best ZTNA solution deployments.
======================================================================
Link to news story:
https://www.techradar.com/pro/security/china-backed-lapdogs-hackers-hijacked-h undreds-of-devices-in-an-outlandish-intel-campaign-aimed-at-us-and-asian-targe ts
$$
--- SBBSecho 3.20-Linux
* Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)