Cybercriminals are targeting freight forwarders and brokers with mass phishing emails that install legitimate remote monitoring and management (RMM) tools, which they then use to intercept orders, redirect shipments, and physically steal goods. Dozens of campaigns have been recorded since the beginning of the year, and the scale of the fraud already resembles organized crime operations.

Proofpoint researchers have uncovered a wave of targeted attacks on freight forwarders, brokers, and logistics companies. Cybercriminals are sending phishing emails that lead to fake pages with the logos of real carriers and offering urgent shipments.
After an employee opens the attachment or link, legitimate RMM tools are installed on the computer, including ScreenConnect, SimpleHelp, PDQ Connect, Fleetdeck, N-able, and LogMeIn Resolve. These programs give attackers complete control over the system — access to mail, documents, phone lines, and logistics platforms.
Once they gain access, criminals:
- redirect cargo to fictitious points
- delete reservations and block notifications
- intercept communications with brokers
- add their devices to dispatchers’ phone systems
- order cargo on behalf of legitimate companies
Some groups work in tandem with thieves on the ground who physically take possession of the goods, from food to electronics.
In several cases, the RMM tools were combined with NetSupport and the DanaBot, Lumma, and StealC stealers to steal credentials, which allowed the attackers to move deeper into the internal systems of logistics companies.
According to NICB, losses from cargo theft in the US reach $35 billion annually. The digitization of logistics has made the industry more efficient and, at the same time, vulnerable. The attackers' knowledge of internal processes, routes, and supply chains suggests the involvement of organized crime groups that are using cyber tools as a new weapon to hijack cargo.
Proofpoint has documented nearly two dozen mass campaigns since August targeting North America, but attacks have also been seen in Europe and Latin America. The main vectors are social engineering, plausible emails, use of industry terminology, and lures that play on “urgent cargo.”
This is a new wave of cyber-physical crime, where hacking digital systems directly leads to theft in the real world. Businesses need to:
- Prohibit the installation of RMM tools that have not been vetted
- Filter .EXE and .MSI attachments in email
- Train staff to recognize phishing
- Monitor suspicious activity on the network
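An added example, not part of the original article or of Proofpoint's research, of the attachment filtering recommended above. It goes beyond a plain extension check by also looking at file headers and inside ZIP archives; the function names, the 50 MB member limit, the two-level nesting limit and the sample message are assumptions made for this example.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCKED_EXT = (".exe", ".msi")
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # MSI packages are OLE compound files
LEGACY_OFFICE = (".doc", ".xls", ".ppt", ".msg")  # legitimate files with the same header

def classify(name, data):
    """Return why a file is treated as EXE/MSI; returns None when it is not."""
    lowered = name.lower().rstrip(". ")  # Windows drops trailing dots and spaces
    if lowered.endswith(BLOCKED_EXT):
        return "blocked extension"
    if data.startswith(b"MZ"):
        return "PE header under another name"
    if data.startswith(OLE_MAGIC) and not lowered.endswith(LEGACY_OFFICE):
        return "OLE/MSI header under another name"

def scan_file(name, data, depth=0):  # one file; descends into ZIPs, two levels at most
    if reason := classify(name, data):
        return [(name, reason)]
    found = []
    if depth < 2 and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                path = f"{name}/{info.filename}"
                if info.flag_bits & 0x1 or info.file_size > 50_000_000:
                    found.append((path, "encrypted or oversized member"))  # cannot inspect
                else:
                    found += scan_file(path, zf.read(info), depth + 1)
    return found

def scan_message(raw):  # raw RFC 5322 bytes -> list of (path, reason) findings
    msg = message_from_bytes(raw, policy=policy.default)
    return [hit for part in msg.iter_attachments()
            for hit in scan_file(part.get_filename() or "(unnamed)",
                                 part.get_payload(decode=True) or b"")]

def build_sample():  # constructed message: MSI inside a ZIP, mislabelled PE, text file
    msg = EmailMessage()
    msg.set_content("constructed body")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/setup.MSI", OLE_MAGIC + b"\0" * 8)
    files = [("load.zip", buf.getvalue()), ("invoice.pdf", b"MZ\x90\0"), ("notes.txt", b"ok")]
    for name, data in files:
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()
```

Calling scan_message(build_sample()) reports the MSI inside the archive and the PE file named invoice.pdf, and leaves notes.txt alone. A mail gateway would quarantine any message with a non-empty result.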
Logistics companies are not targeted by chance: criminals look for a weak point in the supply chain — and that often turns out to be the human factor.