Summary Points
- Threat actors hack into surface transportation companies via compromised load board accounts, using fake load posts to initiate malicious email campaigns featuring links to remote access tools.
- They deploy remote monitoring and management (RMM) tools like Fleetdeck and LogMeIn Resolve to gain control over systems, enabling cargo hijacking for organized crime groups.
- Attack activities include reconnaissance and credential harvesting to deepen access, allowing hijackers to manipulate scheduling and divert shipments, causing significant supply chain disruptions.
- These cyber attacks, linked to organized crime, have targeted diverse companies since early 2025, with cargo theft resulting in over $30 billion yearly losses worldwide.
The Core Issue
Threat actors, likely organized crime groups, have been increasingly infiltrating surface transportation companies by hacking into their systems and deploying remote access tools to hijack shipments and steal valuable cargo, costing billions annually worldwide. Their method begins with compromising load board accounts (the marketplaces used to book freight) and posting fake loads. When carriers inquire, the attackers respond with emails containing malicious links that deliver remote monitoring and management (RMM) tools such as Fleetdeck and LogMeIn Resolve. These tools grant the attackers extensive control over the carrier's systems, allowing them to manipulate scheduling and divert shipments to themselves; the stolen goods are often sold online or overseas, causing significant disruption across supply chains.
The attackers also use compromised email accounts to inject malicious content into ongoing conversations and to launch targeted email campaigns against freight and supply chain companies. After gaining access, they conduct reconnaissance, harvest credentials, and deepen their foothold, sometimes running multiple RMM platforms in tandem to evade detection. Their ultimate goal is cargo hijacking for financial profit, with clear ties to organized crime, and the activity has been ongoing since at least January 2025, revealing a sophisticated understanding of both the logistics workflows and the software defenses used in these industries. The Proofpoint threat report underscores the seriousness of these attacks, which threaten not only individual companies but also the stability of global supply chains.
Risks Involved
The trend of transportation companies being hacked in order to steal cargo exposes a growing cybersecurity vulnerability for any business that relies on logistics and supply chain operations. If your company depends on third-party carriers or freight services, a breach at one of them can lead to stolen merchandise, delays, financial losses, and reputational damage. The attackers exploit weak points in digital systems, gain unauthorized access, and carry out coordinated thefts that disrupt operations, compromise sensitive data, and erode customer trust. Cybersecurity measures across the supply chain are therefore not optional but essential to protecting your assets from these threats.
Fix & Mitigation
Ensuring prompt action following a cyber attack in the transportation sector is critical to minimizing damage, protecting assets, and maintaining trust. For transportation companies, where cargo theft or disruption can have far-reaching economic and safety implications, swift remediation is vital to restore security and operational integrity.
- Identify Threats: Conduct thorough and immediate threat assessments to understand the scope and nature of the breach.
- Contain Breach: Isolate affected systems and networks to prevent lateral movement by the attackers.
- Eradicate Intruders: Remove malicious artifacts, malicious software, and unauthorized access points.
- Patch Vulnerabilities: Apply security patches and updates to systems and applications to eliminate known vulnerabilities.
- Restore Systems: Restore affected systems from clean backups to ensure they are free of malware or malicious modifications.
- Enhance Security: Implement stronger security controls such as multi-factor authentication, intrusion detection systems, and network segmentation.
- Monitor Continuously: Increase monitoring and logging to detect any residual or new malicious activity promptly.
- Notify Authorities: Report the breach to relevant law enforcement and regulatory agencies as required.
- Communicate Transparently: Inform stakeholders, customers, and partners about the incident and remediation efforts.
- Review and Improve: Analyze the incident to identify lessons learned and update security policies and procedures accordingly.
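The attack chain described under "The Core Issue" (an RMM installer arriving via an email link, followed by a second RMM product on the same host) and the "Monitor Continuously" step above both come down to one question for defenders: is an RMM agent running on this host that IT did not sanction? The script below is an added editorial example, not code from the Proofpoint report or from this page. It parses constructed process-creation log lines in a simple key=value format, matches executable paths against an operator-maintained table of RMM signatures, and flags hosts that run an unapproved RMM product or more than one RMM product. The log format, the regex patterns, the executable file names, the `ApprovedRMM` placeholder product, and the mail-client/browser parent heuristic are all assumptions for illustration and must be adapted to real telemetry and vendor documentation.

```python
"""Flag unapproved or stacked RMM agents in process-creation logs (editorial example)."""
import re
from collections import defaultdict

# Constructed sample telemetry (not real logs): one process-creation event per line.
SAMPLE_LOGS = [
    'ts=2025-03-04T09:12:01Z host=DISPATCH-01 user=ops image="C:\\Windows\\System32\\svchost.exe" parent=services.exe',
    'ts=2025-03-04T09:15:44Z host=DISPATCH-01 user=ops image="C:\\Users\\ops\\Downloads\\FleetDeck_Setup.exe" parent=OUTLOOK.EXE',
    'ts=2025-03-04T09:16:10Z host=DISPATCH-01 user=ops image="C:\\Program Files\\FleetDeck\\fleetdeck-agent.exe" parent=FleetDeck_Setup.exe',
    'ts=2025-03-04T10:02:33Z host=DISPATCH-01 user=ops image="C:\\Users\\ops\\Downloads\\LogMeIn_Resolve_Installer.exe" parent=chrome.exe',
    'ts=2025-03-04T11:30:00Z host=HELPDESK-02 user=itadmin image="C:\\Program Files\\ApprovedRMM\\agent.exe" parent=services.exe',
]

# Assumed signature table: RMM product -> regex over the executable path.
# Real binary names vary by version; confirm against vendor documentation.
RMM_SIGNATURES = {
    "fleetdeck": re.compile(r"fleetdeck", re.I),
    "logmein_resolve": re.compile(r"logmein[_ -]?resolve|gotoresolve", re.I),
    "approved_rmm": re.compile(r"approvedrmm", re.I),  # placeholder for the fleet's sanctioned tool
}

# The only RMM product IT has sanctioned for this (hypothetical) fleet.
APPROVED = {"approved_rmm"}

# Parent processes that indicate a user opened a download from email or the web.
USER_FACING_PARENTS = re.compile(r"outlook|thunderbird|chrome|msedge|firefox", re.I)

# key=value tokens; values may be double-quoted so that paths with spaces survive.
LINE_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Turn one key=value log line into a dict, stripping quotes from values."""
    return {key: value.strip('"') for key, value in LINE_RE.findall(line)}


def classify(event):
    """Return the RMM product name whose signature matches the event's image path, or None."""
    image = event.get("image", "")
    for product, pattern in RMM_SIGNATURES.items():
        if pattern.search(image):
            return product
    return None


def analyze(lines, approved=APPROVED):
    """Return a list of findings: unapproved RMM executions and hosts running several RMM products."""
    products_per_host = defaultdict(set)
    findings = []
    for line in lines:
        event = parse_line(line)
        product = classify(event)
        if product is None:
            continue  # not an RMM-related process
        host = event.get("host", "unknown")
        products_per_host[host].add(product)
        if product not in approved:
            reason = "unapproved RMM agent"
            if USER_FACING_PARENTS.search(event.get("parent", "")):
                reason += " launched from mail client or browser"
            findings.append({
                "host": host, "product": product, "image": event.get("image"),
                "parent": event.get("parent"), "reason": reason,
            })
    # Second signal from the report: more than one RMM platform on the same host.
    for host, products in products_per_host.items():
        if len(products) > 1:
            findings.append({
                "host": host, "product": ",".join(sorted(products)), "image": None,
                "parent": None, "reason": "multiple RMM products on one host",
            })
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOGS):
        print(f"[{finding['host']}] {finding['product']}: {finding['reason']}")
```

Running it against the constructed sample flags DISPATCH-01 four times: two Fleetdeck executions (the installer spawned by Outlook, then the agent it installed), the LogMeIn Resolve installer opened from a browser, and the host-level "multiple RMM products" finding. HELPDESK-02, which runs only the sanctioned tool, produces nothing. In production the allowlist should be keyed per host group rather than fleet-wide, since an RMM product that is legitimate on helpdesk machines is still suspicious on a dispatcher's workstation.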
