What Happened
Cisco says the threat actor behind the LapDogs campaign has expanded its SOHO router malware toolkit with LongLeash, DogLeash, and JarLeash backdoors. The post China-Linked APT Expands Arsenal With New ‘Leash’ Backdoors appeared first on SecurityWeek .
Why It Matters
According to Cisco, the China-linked APT group behind the LapDogs campaign (tracked as UAT-7810) has expanded its SOHO router malware toolkit with new backdoors named LongLeash, DogLeash, and JarLeash, enabling persistent access to compromised network devices for espionage operations.[2][3][5][7] These backdoors focus on edge and router infrastructure, making it harder for traditional endpoint defenses to detect and remediate the intrusions.[2][5] From a RealGround perspective, while the campaign is not directly AI-focused, it heightens risk to AI systems by compromising the underlying network, which can be used to exfiltrate AI models and training data or to tamper with AI agent traffic and APIs. Organizations should integrate continuous red teaming and CISO-level AI security planning, and account for compromised network and router infrastructure as a critical part of AI supply chain and SBOM risk management.
RealGround Analysis
This signal maps to malicious AI use. Organizations using AI agents, LLM APIs, SaaS integrations, or sensitive data workflows should review whether this class of issue could create unauthorized tool execution, data leakage, weak approval gates, or unmanaged supply-chain exposure.
Recommended Actions
- Restrict AI agent tool permissions and production write paths.
- Review sensitive data access across prompts, logs, embeddings, memory, and SaaS integrations.
- Add human approval workflows for high-impact or state-changing actions.
- Run prompt injection and indirect prompt injection tests against affected workflows.
- Document the owner, control gap, and remediation deadline for this risk class.
Source
https://www.securityweek.com/china-linked-apt-expands-arsenal-with-new-leash-backdoors/
