Chinese Hackers Breach US Local Governments: The GIS Software Fiasco of 2025

Chinese-speaking hackers have turned Trimble Cityworks into a playground, using a patched zero-day like a kid with a new toy. Armed with Rust-based malware, they breached US local governing bodies, leaving behind Chinese-written tools. If only hackers could use their multilingual skills for world peace instead! Stay patched, folks!

3P
Published: May 22, 2025 2:07 pmAdded: May 22, 2025 at 7:43 amAssembled by: The Editor
Pro Dashboard

Hot Take:

Looks like the hackers have added a new “Rust”-y twist to their cyber shenanigans! Trimble Cityworks may have patched the hole, but it seems like UAT-6382 brought a digital jackhammer to the party. Talk about a “city that never sleeps” – these hackers are turning local governments into their personal playgrounds. Who knew GIS software could be such a hot commodity? It’s like finding out your old Commodore 64 is the cornerstone of a hacker’s evil lair!

Key Points:

  • Chinese-speaking hackers used a zero-day vulnerability in Trimble Cityworks to breach U.S. local governments.
  • The malware involved includes Rust-based loaders and Cobalt Strike beacons.
  • Attacks started in January 2025, targeting systems related to utilities management.
  • A high-severity deserialization vulnerability (CVE-2025-0994) was exploited.
  • CISA urged federal agencies to patch the vulnerability immediately.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?