Hackers are working with organised crime groups to steal physical freight, posing as brokers or carriers, deploying malware, and rerouting real-world shipments, according to new research from cybersecurity firm Proofpoint, as reported by Bloomberg. The attackers are targeting freight brokers and trucking carriers with phishing emails and social engineering tactics. These messages often include credential stealers or remote-access malware, allowing hackers to manipulate shipment details once inside a company’s network.
Proofpoint says it has “high confidence” that the hackers are coordinating with organised criminal networks. The goal is to hijack loads, and the stolen goods are likely resold online or shipped overseas.
In one example, hackers impersonated a broker and emailed a “setup packet” to a responding carrier. That email included a malicious link disguised as shipment details, such as load weight and pickup window. Proofpoint says this attack vector relies on industry urgency as carriers scramble to secure jobs and may click links without hesitation if they appear to come from known sources.
“There’s a huge sense of urgency to get loads,” said Ole Villadsen, a Proofpoint threat researcher and co-author of the report, quoted by Bloomberg. “Dispatchers… [are] willing to throw caution to the wind if it means they might be able to get a load.”
Proofpoint says it has observed nearly two dozen distinct campaigns in just the last two months, and at least three known criminal groups involved. The company’s analysts describe this as a "marriage of cybercrime and organised crime.”
Cargo theft in the U.S. jumped by 27% in 2024 and is projected to rise another 22% in 2025, according to the National Insurance Crime Bureau (NICB), which estimates total annual losses at $35 billion. Goods frequently targeted include food, beverages, and electronics, commodities that are easy to move and sell, often overseas.
While Proofpoint’s report focuses on North American activity, the researchers note that this is a global threat, and the origin of the threat actors is unclear. Some indicators point to groups operating from Eastern Europe or Russia.
Stay On the Cutting Edge: Get the Tom's Hardware Newsletter Get Tom's Hardware's best news and in-depth reviews, straight to your inbox. Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors
“[It] really requires a lot of effort on law enforcement, on businesses, on the end user,” Proofpoint’s Selena Larson told Bloomberg. “It is a full-scale supply chain threat.”
Follow Tom's Hardware on Google News, or add us as a preferred source, to get our latest news, analysis, & reviews in your feeds.