Cybercriminals Exploit Remote Monitoring Tools to Infiltrate Logistics and Freight Networks
"In the current intrusion wave detected by Proofpoint, the unknown attackers have leveraged multiple methods, including compromised email accounts to hijack existing conversations, targeting asset-based carriers, freight brokerage firms, and integrated supply chain providers with spear-phishing emails, and posting fraudulent freight listings using hacked accounts on load boards. 'The actor posts fraudulent freight listings using compromised accounts on load boards and then sends emails containing malicious URLs to carriers who inquire about the loads,' it said. 'This tactic exploits the trust and urgency inherent in freight negotiations.'"
"Bad actors are increasingly training their sights on trucking and logistics companies with an aim to infect them with remote monitoring and management (RMM) software for financial gain and ultimately steal cargo freight. The threat cluster, believed to be active since at least June 2025 according to Proofpoint, is said to be collaborating with organized crime groups to break into entities in the surface transportation industry with the end goal of plundering physical goods. The most targeted commodities of the cyber-enabled heists are food and beverage products."
"The most targeted commodities of the cyber-enabled heists are food and beverage products. 'The stolen cargo most likely is sold online or shipped overseas,' researchers Ole Villadsen and Selena Larson said in a report shared with The Hacker News. 'In the observed campaigns, threat actors aim to infiltrate companies and use their fraudulent access to bid on real shipments of goods to ultimately steal them.'"
The threat cluster has been active since at least June 2025 and collaborates with organized crime to target surface transportation companies for theft of physical goods. Bad actors focus on trucking, asset-based carriers, freight brokers and integrated supply chain providers, prioritizing food and beverage commodities. Attackers use compromised email accounts, spear-phishing, fraudulent load board postings and malicious URLs to deliver remote monitoring and management tools and RATs. Campaigns enable fraudulent bidding on real shipments so actors can divert and steal cargo, with stolen goods likely sold online or shipped overseas. Observed malware families include information stealers and remote access trojans such as Lumma Stealer, StealC, and NetSupport RAT.
Read at The Hacker News