West Houston, TX – Impress IT Solutions is warning local businesses, especially those in government contracting, utilities, and infrastructure, about a dangerous vulnerability in Trimble Cityworks software that has been actively exploited by Chinese-linked hackers to infiltrate U.S. networks.
According to cybersecurity experts, a remote code execution vulnerability (CVE-2025-0944) in Cityworks allowed threat actors to drop malware and establish long-term access to internal systems. The flaw, which has since been patched, affected organizations running GIS-based asset management systems—software commonly used by city governments and utility services.
“This is a textbook case of how a single unpatched application can open the door to full-scale compromise,” said the team at Impress IT Solutions. “We’re helping West Houston businesses assess and lock down similar vulnerabilities in their software stack right now.”
What Happened?
A Chinese-speaking threat group tracked as UAT-6382 exploited CVE-2025-0944 to deploy advanced malware tools including:
- Cobalt Strike (used for post-exploitation and lateral movement)
- VShell (a remote access trojan)
- A custom-built loader dubbed TetraLoader, coded in Rust and linked to Chinese development communities
Once inside, the attackers performed reconnaissance, scanned directories for sensitive data, and dropped web shells like AntSword and Behinder to maintain persistent, stealthy access.
Why This Matters to West Houston Businesses
The exploit may have originally targeted government entities, but it highlights a wider risk for any business using software platforms with geospatial, infrastructure, or asset-tracking functionality.
Impress IT Solutions warns that many local organizations unknowingly operate vulnerable tools with outdated permissions, misconfigurations, or publicly exposed endpoints—creating perfect targets for cyber espionage.
How Impress IT Solutions Protects You
🛡️ Patch & Vulnerability Management
Impress helps businesses identify and patch known vulnerabilities like CVE-2025-0944 before they’re exploited.
🔍 Threat Hunting & Web Shell Detection
The Impress cybersecurity team monitors for indicators of compromise (IoCs) including common web shells, suspicious PowerShell activity, and unauthorized admin access.
🔐 Remote Access Control & MFA
Impress locks down remote access channels and ensures multi-factor authentication (MFA) is enforced across all critical systems.
📊 Cyber Risk Assessments
Get a full system audit to detect at-risk applications, improper privilege settings, and other flaws that hackers often exploit.
💡 Employee Awareness Training
Many attacks start with spear phishing. Impress provides custom training to teach teams how to spot social engineering before it’s too late.
What You Should Do Now
Impress IT Solutions urges local businesses to review any use of Cityworks or similar software and to schedule a cybersecurity audit immediately.
“The attackers behind this campaign didn’t stop at breaching a server—they maintained access, deployed custom tools, and staged files for exfiltration,” the Impress team said. “This is exactly what we’re preventing every day for businesses here in West Houston.”
📞 Contact Impress IT Solutions Today
If you’re unsure whether your systems are exposed—or if you’re overdue for a patching and security check—call Impress IT Solutions for a free consultation.
Impress IT Solutions | Trusted Managed IT and Cybersecurity Experts in West Houston
Securing your infrastructure before hackers get the chance.
