Cityworks zero-day Chinese espionage exposed a targeted breach of US municipal software by state-backed actors using custom modular malware.
A Chinese state-sponsored hacking group exploited a zero-day vulnerability in Cityworks, a software platform used by local US governments, to gain unauthorized access to internal networks. The attackers leveraged a previously unknown flaw to deploy custom malware and conduct reconnaissance within targeted systems. Several municipal governments were compromised before the vulnerability was patched. Security researchers identified the malware as highly modular, designed for persistence and lateral movement. The campaign appears to be part of a broader espionage effort aimed at extracting sensitive operational data from public sector entities. The affected vendor has since issued a security update, and investigations are ongoing.
Analysis by Our Experts:
This incident highlights the strategic targeting of under-defended entry points in public infrastructure. Exploiting a zero-day in widely deployed municipal software reflects a calculated effort to take advantage of systemic weaknesses. The use of custom modular malware suggests preparation, resourcing and a long-term surveillance objective. Once again, local government IT ecosystems reveal themselves as soft targets in geopolitical cyber conflict. The delayed detection and response further emphasize how patch management and threat visibility remain dangerously inadequate. Espionage is no longer confined to federal targets. It is embedded in town halls and city grids.