Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Incidents

Chinese hackers hit US utilities via flaw

May 26, 2025
Reading Time: 2 mins read
in Incidents
NIST Launches New Metric to Track

Cisco’s Talos threat intelligence team uncovered a campaign by a suspected Chinese threat group, UAT-6382, that exploited a critical vulnerability in Trimble Cityworks software before it was publicly patched. Cityworks is widely used by local governments and utilities to manage assets and work operations. The flaw, tracked as CVE-2025-0994, enabled remote code execution and affected Microsoft IIS servers used by the software.

The intrusions reportedly began in January, weeks before Trimble released a fix in early February.

Talos researchers said the attackers broke into US local government networks, conducted reconnaissance, searched for sensitive files, and deployed persistent malware tools. Their primary target appeared to be systems connected to utility management.

The hackers used a variety of tools including Chinese-language webshells like AntSword and Chopper, as well as TetraLoader, a Rust-based custom loader.

TetraLoader, built using the MaLoader framework, helped deploy known offensive tools such as Cobalt Strike and VShell for ongoing access. MaLoader itself emerged on GitHub in late 2024, signaling active development of custom malware in Chinese-speaking threat communities.

Talos attributed the campaign to a Chinese-speaking actor based on technical tools, behavior, and targets. Despite the availability of a patch, many vulnerable systems remained unprotected, allowing attackers to infiltrate and maintain access to sensitive US infrastructure. The campaign reflects a broader strategy to compromise public utilities through software supply chains and delayed patch adoption.

Reference:

  • Chinese hackers exploited Cityworks vulnerability to infiltrate US local government and utility systems early in 2025
Tags: cyber incidentsCyber Incidents 2025Cyber threatsMay 2025
ADVERTISEMENT

Related Posts

DraftKings Warns Of Account Breaches

DraftKings Warns Of Account Breaches

October 8, 2025
DraftKings Warns Of Account Breaches

Salesforce Refuses To Pay Ransom

October 8, 2025
DraftKings Warns Of Account Breaches

Doctors Imaging Data Breach Hits 171K

October 8, 2025
Red Hat Data Breach Escalates Further

Red Hat Data Breach Escalates Further

October 7, 2025
Red Hat Data Breach Escalates Further

Threat Actors Claim Huawei Breach

October 7, 2025
Red Hat Data Breach Escalates Further

FC Barcelona Instagram Hacked By Scam

October 7, 2025

Latest Alerts

Microsoft Ties Storm 1175 To Medusa

Google Chrome RCE Flaw Details Leak

Redis Use After Free Bug Enables RCE

XWorm 6.0 Returns With New Plugins

Steam And Microsoft Warn Of Unity Flaw

Rhadamanthys Stealer Evolves Again

Subscribe to our newsletter

    Latest Incidents

    DraftKings Warns Of Account Breaches

    Doctors Imaging Data Breach Hits 171K

    Salesforce Refuses To Pay Ransom

    Red Hat Data Breach Escalates Further

    FC Barcelona Instagram Hacked By Scam

    Threat Actors Claim Huawei Breach

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial