Chinese Hackers Unleash Chaos on U.S. Governments: Trimble Cityworks Flaw Exploited
Chinese threat actors exploited a Trimble Cityworks flaw to breach U.S. local government networks, deploying malware with more speed than a caffeinated cheetah. Using tools like AntSword and TetraLoader, they gained access, proving once again that not all heroes wear capes—some write malware in Simplified Chinese.

Hot Take:
Looks like UAT-6382 has taken the express train from Beijing to Breachville, USA! These cyber ninjas have turned a patched Trimble Cityworks vulnerability into their personal playground, deploying malware like they’re handing out free samples. Trimble Cityworks, more like Trimble Citywreks, am I right? It’s a classic case of “I thought we fixed that,” but clearly, someone forgot to tell the hackers!
Key Points:
- UAT-6382, a Chinese-speaking threat actor, exploited a patched Trimble Cityworks vulnerability.
- The vulnerability, CVE-2025-0994, allows remote code execution via deserialization of untrusted data.
- Threat actors deployed web shells and malware like Cobalt Strike and VShell on compromised systems.
- TetraLoader, a Rust-based malware loader, was used to inject payloads into benign processes.
- Cisco Talos published indicators of compromise (IOCs) related to these attacks.