Chinese-speaking hackers are actively exploiting a vulnerability in the Trimble Cityworks asset management tool used by U.S. local governments, leading to targeted breaches. Cisco Talos confirmed these actors deploy web shells and custom malware, primarily using Chinese-language tools and messaging, indicating their origin. #CVE2025-0994 #ChineseThreatActors
Keypoints
- A vulnerability in Trimble Cityworks has been exploited since January by Chinese-speaking hackers.
- Hackers used web shells and custom malware, including tools written in Simplified Chinese, to maintain long-term access.
- Attacks included reconnaissance activities and data exfiltration of critical infrastructure files.
- Federal and local governments were mandated to patch CVE-2025-0994 to prevent further breaches.
- Cisco Talos and CISA confirmed the threat actors are likely Chinese-speaking based on the tools and language used.
Read More: https://therecord.media/chinese-speaking-hackers-target-municipalities-cityworks