<ul><li>Chinese threat actor UAT-6382 exploited a patched Trimble Cityworks flaw to deploy Cobalt Strike and VShell.</li><li>The CVE-2025-0994 vulnerability in Trimble Cityworks allowed remote code execution, with a CVSS v4 score of 8.6.</li><li>UAT-6382 breached U.S. local government networks using this vulnerability since January 2025, deploying Chinese-language web shells and custom malware.</li><li>Talos researchers identified UAT-6382 utilizing Rust-based loaders named TetraLoader, connecting to specific domains and IPs for malicious activities.</li></ul>

Chinese threat actors exploited Trimble Cityworks flaw to breach U.S. local government networks

Discover more