A suspected Chinese group exploited a remote code execution vulnerability in Trimble Cityworks to target US local government networks and utility management systems.
The flaw, tracked as CVE-2025-0994, is a deserialization bug in Cityworks that lets an attacker execute code on the Microsoft IIS web server hosting the application; it was disclosed and patched in early February 2025.
The group, which Cisco Talos tracks as UAT-6382, began its intrusions in January, before the patch was available, and after gaining code execution dropped webshells, custom malware, and remote access tools on the IIS hosts to keep access to compromised systems.
Talos attributes the activity to Chinese-speaking actors, based in part on the tooling: AntSword (a webshell management client), Cobalt Strike, and the VShell remote access tool, all popular with Chinese-speaking operators. The campaign shows continued targeting of US local government and utility networks.
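The post-exploitation pattern described above (RCE on IIS, then a webshell driven by a client such as AntSword) leaves traces in the IIS W3C logs that a defender can hunt for. The following Python is an added example written for this page; it is not code from Talos, Trimble, or the article, and it assumes nothing about Cityworks internals. The log lines, the `/app/...` paths, and the endpoint allowlist are constructed for illustration; the webshell client User-Agent substrings are commonly cited defaults, not indicators taken from the report.

```python
"""Hunt for webshell activity in IIS W3C extended logs (added example).

Heuristics, any of which is only a lead on its own:
  1. POST to a server-side script path that is not in the application's
     allowlist of known endpoints (webshells are usually dropped as new files).
  2. A script living under a directory that should hold only static content.
  3. A User-Agent associated with webshell management clients.
A hit on several heuristics for the same path is a strong signal.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, Iterable, List

SCRIPT_EXT = (".aspx", ".ashx", ".asmx", ".asp", ".php", ".jsp")
STATIC_DIRS = {"images", "img", "css", "js", "fonts", "uploads", "attachments"}
# ASSUMPTION: commonly cited default User-Agent substrings of webshell clients;
# tune this list to your own threat intel.
WEBSHELL_UA = re.compile(r"antsword|chopper|godzilla|behinder", re.IGNORECASE)


@dataclass
class Finding:
    line_no: int
    client_ip: str
    path: str
    reasons: List[str] = field(default_factory=list)


def parse_iis_w3c(text: str) -> List[Dict[str, str]]:
    """Parse IIS W3C log text into dicts keyed by the names in the #Fields header."""
    fields: List[str] = []
    rows: List[Dict[str, str]] = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # schema can change mid-file; honour the latest
            continue
        if line.startswith("#"):
            continue  # other directives (#Software, #Date, ...)
        parts = line.split(" ")
        if not fields or len(parts) != len(fields):
            continue  # skip rows that do not match the declared schema
        row = dict(zip(fields, parts))
        row["_line"] = str(n)
        rows.append(row)
    return rows


def find_webshell_candidates(rows: Iterable[Dict[str, str]],
                             known_endpoints: Iterable[str]) -> List[Finding]:
    """Apply the three heuristics to parsed rows and return the suspicious ones."""
    known = {p.lower() for p in known_endpoints}
    findings: List[Finding] = []
    for row in rows:
        path = row.get("cs-uri-stem", "").lower()
        if not path.endswith(SCRIPT_EXT):
            continue  # only server-side scripts can be webshells
        reasons: List[str] = []
        if row.get("cs-method") == "POST" and path not in known:
            reasons.append("POST to script outside endpoint allowlist")
        parent_dirs = set(path.strip("/").split("/")[:-1])
        if parent_dirs & STATIC_DIRS:
            reasons.append("script under static-content directory")
        if WEBSHELL_UA.search(row.get("cs(User-Agent)", "")):
            reasons.append("webshell client User-Agent")
        if reasons:
            findings.append(Finding(int(row["_line"]), row.get("c-ip", "?"), path, reasons))
    return findings


def hunt(log_text: str, known_endpoints: Iterable[str]) -> List[Finding]:
    return find_webshell_candidates(parse_iis_w3c(log_text), known_endpoints)


# Constructed sample log: lines 5 and 6 model a dropped shell under /app/images/.
SAMPLE_LOG = "\n".join([
    "#Software: Microsoft Internet Information Services 10.0",
    "#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username "
    "c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken",
    "2025-01-15 03:12:05 10.0.0.5 GET /app/Login.aspx - 443 - 10.0.0.40 Mozilla/5.0+(Windows+NT+10.0) - 200 0 0 120",
    "2025-01-15 03:12:09 10.0.0.5 POST /app/Login.aspx - 443 - 10.0.0.40 Mozilla/5.0+(Windows+NT+10.0) https://gis.example.local/app/Login.aspx 302 0 0 85",
    "2025-01-15 03:14:31 10.0.0.5 POST /app/Services/Import.aspx - 443 - 203.0.113.7 Mozilla/5.0 - 200 0 0 410",
    "2025-01-15 03:15:02 10.0.0.5 POST /app/images/logo.aspx - 443 - 203.0.113.7 antSword/v2.1 - 200 0 0 64",
    "2025-01-15 03:15:40 10.0.0.5 GET /app/images/logo.png - 443 - 10.0.0.41 Mozilla/5.0 - 200 0 0 12",
])
# Hypothetical allowlist of the application's legitimate script endpoints.
KNOWN_ENDPOINTS = ["/app/Login.aspx", "/app/Default.aspx"]

if __name__ == "__main__":
    for f in hunt(SAMPLE_LOG, KNOWN_ENDPOINTS):
        print(f"line {f.line_no}: {f.client_ip} -> {f.path}: {', '.join(f.reasons)}")
```

The allowlist is the part that needs care: build it from the application's actually deployed script files rather than from past traffic, otherwise a shell that has been in place for months becomes "known". Findings from the log should then be correlated with file creation times under the IIS web root, since a script whose first request follows its creation by seconds is the classic webshell footprint.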