Hacker Group UAT-7810 Develops New Malware to Expand ORB Network Threatening Taiwan's Critical Infrastructure
Cybersecurity firm SecurityScorecard, which exposed the LapDogs Operational Relay Box (ORB) network a year ago, has released new details this week confirming that ORB network operator UAT-7810 continues to develop new malware to strengthen and expand the relay network. The threat to Taiwan's critical infrastructure and related targets remains ongoing, with threat intelligence teams warning of escalating cyber risks.

Highlights
- SecurityScorecard first exposed the LapDogs ORB network one year ago, linking it to attacks on Taiwan's critical infrastructure by threat actor UAT-5918.
- UAT-7810, identified as the operator of the LapDogs ORB network, is actively developing new malware to strengthen and expand the relay infrastructure.
- The LapDogs network continues to grow despite public exposure, signaling advanced adaptation by the threat actors behind it.
- Taiwan's telecommunications, energy, and other critical infrastructure sectors remain primary targets of the threat actors utilizing this ORB network.
- Threat intelligence teams are urging critical infrastructure operators to monitor for traffic indicators associated with the LapDogs ORB network.
Hacker Group UAT-7810 Develops New Malware to Expand ORB Network Threatening Taiwan's Critical Infrastructure
Cybersecurity firm SecurityScorecard first exposed the LapDogs Operational Relay Box (ORB) network approximately one year ago, drawing widespread attention to the infrastructure after identifying one of its key users as UAT-5918 — a threat actor known for targeting Taiwan's critical infrastructure.
This week, a threat intelligence team released new findings with further details on the network's operations. Researchers confirmed that UAT-7810, the operator behind the LapDogs ORB network, has been actively developing new malware to reinforce and scale the relay infrastructure.
What Is an ORB Network?
An Operational Relay Box (ORB) network is a collection of compromised or rented devices — such as routers, VPS servers, and IoT endpoints — used as intermediary hops to obfuscate the origin of cyberattacks. These networks make it significantly harder for defenders to trace malicious traffic back to its source.
Escalating Threat to Taiwan
The continued development of new malware by UAT-7810 signals that the LapDogs ORB network is being actively maintained and expanded, rather than abandoned following its public exposure. Security researchers warn that this poses a sustained and growing cybersecurity threat to Taiwan and other related targets.
UAT-5918, previously identified as a user of the LapDogs network, has a documented history of targeting telecommunications, energy, and other critical infrastructure sectors in Taiwan. The network's ongoing expansion suggests that threat actors are adapting their tooling to evade detection and maintain persistent access capabilities.
Industry Implications
The disclosure underscores the importance of continuous threat intelligence monitoring, particularly for operators of critical infrastructure. The ability of state-affiliated or state-sponsored actors to rebuild and evolve relay infrastructure even after public exposure highlights the resilience of advanced persistent threat (APT) operations.
SecurityScorecard and associated threat intelligence teams are expected to release further technical indicators to assist defenders in identifying and blocking traffic associated with the LapDogs ORB network.
原文來源: 查看原文
FAQ
Newsletter
Subscribe to our Low-Altitude Industry Newsletter
Daily curated news on low-altitude economy and drone industry, delivered to your inbox.
Reviewed and published by the LAETimes editorial desk ·


