Chinese-speaking hackers dubbed UAT-6382 have exploited a now-patched Trimble Cityworks zero-day to breach multiple local governing bodies across the US.
Trimble Cityworks is GIS-based asset management and work order management software used primarily by local governments, utilities, and public works organizations. It is designed to help infrastructure agencies and municipalities manage public assets, handle permitting and licensing, and process work orders.
UAT-6382 used a Rust-based malware loader to deploy Cobalt Strike beacons and VSHell malware designed to backdoor compromised systems and provide long-term persistent access, as well as web shells and custom malicious tools written in Chinese.
bleepingcomputer.com/news/security/