Suspected Chinese Hackers Exploit Trimble Cityworks Flaw: A Comedy of Errors in Utility Management Security

Chinese crew exploits Trimble Cityworks flaw to infiltrate US local government networks. Despite Trimble’s patch, attackers sneak in like ninjas with a knack for utilities management systems, deploying webshells and custom malware. Apparently, exploiting outdated Microsoft IIS servers is still in fashion. Who knew hacking could be so retro?

Hot Take:

Well, well, well, it looks like some folks have been busy playing “Capture the Flag” with US local governments’ networks. Who knew utility management could be so thrilling? The Chinese threat actors seem to be getting their kicks out of digital sightseeing in the land of opportunity, with a side of espionage. It’s like a cyber version of a heist movie, minus the cool soundtrack.

Key Points:

  • Chinese-speaking crew exploited a patched RCE flaw in Trimble Cityworks.
  • Cisco’s Talos identified the group UAT-6382 as the culprits behind these intrusions.
  • The flaw, CVE-2025-0994, was patched in February, but attackers had already been exploiting it before the patch shipped.
  • The attacks targeted US local government networks, focusing on utility management systems.
  • Tools used include AntSword, Chopper, TetraLoader, Cobalt Strike, and VShell.

The Nimble Nerd