216.73.216.86

Remote access, real cargo: cybercriminals targeting trucking and logistics

· Published 03/11/2025 14:28 · Modified 03/11/2025 20:43

Export JSON

Essential information

Published
03/11/2025 14:28
Modified
03/11/2025 20:43
Tags
2025-11-03 cargo theft cybercrime danabot fleetdeck logistics logmein resolve lumma stealer n-able netsupport pdq connect phishing remote monitoring tools screenconnect simplehelp social engineering stealc supply-chain trucking
Related entities
39 observables, 10 techniques (mitre), 10 malware, 1 others

Description

Cybercriminals are targeting and companies to steal cargo freight through elaborate attack chains. They compromise companies and use their access to bid on cargo shipments, which they then steal and sell. The threat actors typically deliver remote monitoring and management (RMM) tools as a first-stage payload. This cyber-enabled theft is part of a multi-million-dollar criminal enterprise that has increased due to digital transformation. The attackers use tactics such as compromising load boards, email thread hijacking, and direct targeting via email campaigns. They deliver RMM tools like , , and , which grant full control of compromised machines. The activity has been observed since at least June 2025, with nearly two dozen campaigns in the last two months alone.

External references