A Chinese-speaking threat actor tracked as UAT-6382 has been linked to the exploitation of a now-patched remote-code-execution vulnerability in Trimble Cityworks to deliver Cobalt Strike and VShell.”UAT-6382 successfully exploited CVE-2025-0944, conducted reconnaissance, and rapidly deployed a variety of web shells and custom-made malware to maintain long-term access,” Cisco Talos researchers
First seen on thehackernews.com
Jump to article: thehackernews.com/2025/05/chinese-hackers-exploit-trimble.html
