UAT-7810, a China-nexus APT actor, continues to build Operational Relay Box (ORB) networks by exploiting n-day vulnerabilities in Ruckus and ASUS AiCloud routers. Talos identified four new malware families — LONGLEASH (an upgraded multi-protocol proxy backdoor), DOGLEASH (a passive C-based Linux backdoor), JARLEASH (a Java-based administrative backdoor), and LEASHTEST (a MIPS test binary) — deployed across MIPS, ARM, and x64 platforms. The actor uses at least four new servers to host payloads and deploy DOGLEASH via shell scripts that modify iptables rules on compromised devices.