Cybercrooks Team Up With Organized Crime To Steal Pricey Cargo

Cybercriminals are increasingly orchestrating lucrative cargo thefts alongside organized crime groups (OCGs) in a modern-day resurgence of attacks on freight companies.

Reminiscent of the decades-old criminal campaigns targeting train carriages and other shipping methods, researchers at Proofpoint say criminals are not only seeking to disrupt supply chains with cyberattacks, but to profit from the goods in transit, too.

Proofpoint’s threat research team, including Ole Villadsen and Selena Larson, has attributed nearly two dozen recent campaigns with high confidence to cybercriminals infecting US logistics companies with remote monitoring and management (RMM) tools, likely working with organized crime groups to collect and sell the stolen goods.

Attacks start at broker load boards – platforms that advertise loads to ship. Logistics and trucking companies then bid for the right to claim and ferry these shipments – a process that’s often done hastily in normal scenarios.

Cybercriminals are targeting accounts associated with these broker load boards, and once they gain access here, they post a fake load that attracts bids from unwitting cargo haulers.

In response to the bidding businesses, the attackers embed links that lead to malicious installations of legitimate RMM apps such as N-able, ScreenConnect, SimpleHelp, and more. 

They scan for credentials on the victim company’s network after establishing initial access to their systems, allowing them to successfully bid on genuine freight advertisements.

When they have all the details of a shipment, the attackers intercept communications and impersonate brokers or carriers to coordinate the delivery, redirecting the cargo to addresses under their control.

Once the cybercriminals are able to manage a specific shipment, they misdirect the goods to an address under their control and work with on-the-ground OCGs to steal the cargo, which is then sold on for personal gain.

Villadsen and Larson said that these crimes often cause huge disruptions to supply chains and can lead to millions of dollars’ worth of losses.

Criminal campaigns are seemingly target-agnostic, both in terms of the goods they’re looking to steal and the companies they exploit.

“Based on campaigns observed by Proofpoint, the threat actor does not appear to attack specific companies, and targets range from small, family-owned businesses to large transport firms,” the researchers wrote. 

These large transport businesses include asset-based carriers, freight brokerage firms, and integrated supply chain providers.

“The threat actor appears to be opportunistic about the carriers that it targets and will likely attempt to compromise any carrier who responds to the fake load posting,” they went on to say. 

“Once a threat actor has compromised a carrier, they probably will use their knowledge of the industry and any insider information derived from other compromises to identify and bid on loads that are likely to be profitable if stolen.”

In the latest campaigns, the types of goods stolen range from energy drinks to electronics – anything the attackers believe they can sell themselves.

Previous campaigns covered by Proofpoint last year, also based in North America, focused on the targeting of logistics businesses, but there was no mention of the resultant compromises being used to carry out real-world cargo thefts.

More recently, its researchers examined a rise in requests for quote (RFQ) scams, which involve creating seemingly legitimate lures to open finance agreements allowing them to take delivery of goods, which criminals then steal.

Cargo theft prevention and recovery network CargoNet publishes quarterly cargo theft reports, with the latest insights supporting Proofpoint’s findings.

In Q3 2025 alone, the total value of stolen goods was pegged at $111.88 million from 772 thefts, driven largely by OCGs targeting enterprise computer hardware, cryptocurrency mining kit, and copper products, the latter of which is trading at record prices.

The average value of a stolen shipment doubled compared to the previous year to $336,787. In contrast to Proofpoint’s conclusions, CargoNet said this is a sign that thieves are becoming more selective in choosing their targets.

Its previous Q2 report, published in July, noted that cargo thefts were up 13 percent year on year and 10 percent compared to Q1, with total losses standing at $128 million from 884 recorded thefts.

“CargoNet expects these social engineering tactics to become more prevalent in Q4 2025, particularly as criminal groups refine their information gathering methods and exploit publicly available load board data to identify and research high-value targets,” the latest report stated.

The National Insurance Crime Bureau estimates the annual losses stemming from cargo thefts to be in the region of $35 billion, with specific hotspots in California, Illinois, Florida, Texas, and Washington, although these encompass more traditional methods of cargo theft too, like simply stealing from unattended trucks. ®

Original Source