In a letter sent to its customers and partners, Trimble said it observed cybercriminals abusing a deserialization vulnerability in its Cityworks product to achieve remote code execution (RCE) and deploy Cobalt Strike beacons on Microsoft Internet Information Services (IIS) servers.
Hackers are hijacking government software to access sensitive servers
Trimble Cityworks bug used to run remote code execution attacks.
We don’t know how big the attack is, or whether any organizations were compromised as a result, but BleepingComputer has found that the US Cybersecurity and Infrastructure Security Agency (CISA) has released a coordinated advisory urging customers to apply the patches as soon as possible.
“Following our investigations of reports of unauthorized attempts to gain access to specific customers’ Cityworks deployments, we have three updates to provide you,” the company said in the letter.
The warning comes from software vendor Trimble, whose product seems to have been used in the attack.