Chinese crew caught trying to break into US city utilities
Briefly

Cisco's Talos threat intelligence group reported that a suspected Chinese hacking group, identified as UAT-6382, exploited a recently disclosed vulnerability in Trimble Cityworks to intrude into US local government networks. Trimble patched the vulnerability, CVE-2025-0994, but it was actively exploited before the fix was available. The attackers used webshells and custom malware targeting utility management systems. This incident underscores the risks associated with lingering unpatched systems, particularly for critical infrastructure like utilities.
The intrusions began in January, when UAT-6382, a group Talos tracks, broke into the networks of US local governing bodies to conduct reconnaissance.
Upon gaining access, UAT-6382 expressed a clear interest in pivoting to systems related to utilities management, highlighting their intent to target critical infrastructure.
Read at The Register