China-backed “LapDogs” hackers hijacked hundreds of devices in an outlandish intel campaign aimed at US and Asian targets
Efosa Udinmwen
29 June 2025
Over 1,000 devices were secretly hijacked in silent cyber operation
ShortLeash gives hackers root-level stealth and blends malicious activity into everyday network traffic
LapDogs uses fake LAPD certificates to disguise malware, bypassing even the best endpoint protection systems
The malware quietly hijacks routers and devices that often go unmonitored for months
A recently disclosed cyber espionage operation, dubbed LapDogs, has drawn scrutiny following revelations from SecurityScorecard’s Strike Team.
The operation, believed to be conducted by China-aligned threat actors, has quietly infiltrated over 1,000 devices across the United States, Japan, South Korea, Taiwan, and Hong Kong.
What makes this campaign distinctive is its use of hijacked SOHO routers and IoT hardware, transforming them into Operational Relay Boxes (ORBs) for sustained surveillance.
Stealth, persistence, and false identities
LapDogs is an ongoing campaign, active since September 2023, targeting real estate, media, municipal, and IT sectors.
Devices from known vendors such as Buffalo Technology and Ruckus Wireless have reportedly been compromised.
The attackers use a custom backdoor named ShortLeash, which grants extensive privileges and stealth, allowing them to blend in with legitimate traffic.
According to the report, once a device is infected, it may go undetected for months, and in worst-case scenarios, some are used as gateways to infiltrate internal networks.
Unlike typical botnets that prioritize disruption or spam, LapDogs reveals a more surgical approach.
“LapDogs reflects a strategic shift in how cyber threat actors are leveraging distributed, low-visibility devices to gain persistent access,” said Ryan Sherstobitoff, Chief Threat Intelligence Officer at SecurityScorecard.
“These aren’t opportunistic smash-and-grab attacks—these are deliberate, geo-targeted campaigns that erode the value of traditional IOCs (Indicators of Compromise).”
With 162 distinct intrusion sets already mapped, the structure of the operation suggests clear intent and segmentation.
What is especially unsettling is the spoofing of legitimate security credentials.
The malware fabricates TLS certificates appearing to be signed by the Los Angeles Police Department.
This forgery, combined with geolocation-aware certificate issuance and assigned ports, makes it extremely difficult for conventional detection systems to flag malicious behavior.
Even the best endpoint protection tools would be challenged in spotting such well-disguised intrusions, especially when activity is routed through compromised home routers rather than enterprise assets.
SecurityScorecard compares LapDogs with PolarEdge, another China-linked ORB system, but emphasizes that the two are distinct in infrastructure and execution.
The broader concern raised is the expanding vulnerability landscape. As businesses rely more on decentralized devices and fail to update embedded firmware, the risk of persistent espionage increases.
The report calls on network defenders and ISPs to review devices across their supply chains.
This means there is a need to reconsider reactive solutions and focus on more proactive infrastructure-level measures, such as firewall-as-a-service (FWaaS) and zero trust network access (ZTNA) deployments.
Efosa Udinmwen
Freelance Journalist
Efosa has been writing about technology for over 7 years, initially driven by curiosity but now fueled by a strong passion for the field. He holds both a Master’s and a PhD in sciences, which provided him with a solid foundation in analytical thinking. Efosa developed a keen interest in technology policy, specifically exploring the intersection of privacy, security, and politics. His research delves into how technological advancements influence regulatory frameworks and societal norms, particularly concerning data protection and cybersecurity. Upon joining TechRadar Pro, in addition to privacy and technology policy, he is also focused on B2B security products. Efosa can be contacted at this email: udinmwenefosa@gmail.com