Just a sample of the Echomail archive
Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.
CONSPRCY: How big is your tinfoil hat? (2,445 messages)

Message 1,476 of 2,445
Mike Powell to All
China-backed "LapDogs" ha
29 Jun 25 09:17:00
TZUTC: -0500
MSGID: 1210.consprcy@1:2320/105 2cc68681
PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0
TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0
BBSID: CAPCITY2
CHRS: ASCII 1

China-backed "LapDogs" hackers hijacked hundreds of devices in an outlandish intel campaign aimed at US and Asian targets

Date: Sun, 29 Jun 2025 09:23:00 +0000

Description: LapDogs is a China-linked espionage operation exploiting SOHO devices to gain stealthy access across the US and Asia, using spoofed credentials and persistent malware.

FULL STORY

A recently disclosed cyber espionage operation, dubbed LapDogs, has drawn scrutiny following revelations from SecurityScorecard's Strike Team.

The operation, believed to be conducted by China-aligned threat actors, has quietly infiltrated over 1,000 devices across the United States, Japan, South Korea, Taiwan, and Hong Kong.

What makes this campaign distinctive is its use of hijacked SOHO routers and IoT hardware, transforming them into Operational Relay Boxes (ORBs) for sustained surveillance.

Stealth, persistence, and false identities

LapDogs is an ongoing campaign, active since September 2023, targeting real estate, media, municipal, and IT sectors.

Devices from known vendors such as Buffalo Technology and Ruckus Wireless have reportedly been compromised.

The attackers use a custom backdoor named ShortLeash, which grants extensive privileges and stealth, allowing them to blend in with legitimate traffic.

According to the report, once a device is infected, it may go undetected for months, and in worst-case scenarios, some are used as gateways to infiltrate internal networks.
Unlike typical botnets that prioritize disruption or spam, LapDogs reveals a more surgical approach.

"LapDogs reflects a strategic shift in how cyber threat actors are leveraging distributed, low-visibility devices to gain persistent access," said Ryan Sherstobitoff, Chief Threat Intelligence Officer at SecurityScorecard.

"These aren't opportunistic smash-and-grab attacks; these are deliberate, geo-targeted campaigns that erode the value of traditional IOCs (Indicators of Compromise)."

With 162 distinct intrusion sets already mapped, the structure of the operation suggests clear intent and segmentation.

What is especially unsettling is the spoofing of legitimate security credentials.

The malware fabricates TLS certificates appearing to be signed by the Los Angeles Police Department.

This forgery, combined with geolocation-aware certificate issuance and assigned ports, makes it extremely difficult for conventional detection systems to flag malicious behavior.

Even the best endpoint protection tools would be challenged in spotting such well-disguised intrusions, especially when activity is routed through compromised home routers rather than enterprise assets.

SecurityScorecard compares LapDogs with PolarEdge, another China-linked ORB system, but emphasizes that the two are distinct in infrastructure and execution.

The broader concern raised is the expanding vulnerability landscape. As businesses rely more on decentralized devices and fail to update embedded firmware, the risk of persistent espionage increases.

The report calls on network defenders and ISPs to review devices across their supply chains.
This means there is a need to reconsider reactive solutions and focus on more proactive infrastructure-level measures, such as the best FWAAS and best ZTNA solution deployments.

======================================================================
Link to news story:
https://www.techradar.com/pro/security/china-backed-lapdogs-hackers-hijacked-hundreds-of-devices-in-an-outlandish-intel-campaign-aimed-at-us-and-asian-targets

$$
--- SBBSecho 3.20-Linux
 * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700
SEEN-BY: 226/30 227/114 229/110 111 114 206 300 307 317 400 426 428
SEEN-BY: 229/470 664 700 705 266/512 291/111 320/219 322/757 342/200
SEEN-BY: 396/45 460/58 712/848 902/26 2320/0 105 304 3634/12 5075/35
PATH: 2320/105 229/426
(c) 1994, bbs@darkrealms.ca