(Nov 3): Hackers are infiltrating trucking and freight companies in a scheme to steal and sell cargo shipments, a growing campaign that could end up costing companies and consumers billions of dollars, according to new cyber security research.
Sunnyvale, California-based Proofpoint Inc said it has “high confidence” that the hackers are working with organized crime groups to pull off the cargo thefts. The attackers are particularly targeting trucking carriers and freight brokers, seeking to infect their computer networks with tools that provide remote access, with the ultimate goal of hijacking cargo, according to the research.
The stolen cargo is likely sold online or shipped overseas, according to the report.
“It has this sort of ripple effect across the entire ecosystem, from the ships that deliver them to the ports, that get picked up by the truckers, that get sent to businesses, and then ultimately onto consumers,” Proofpoint senior threat intelligence analyst Selena Larson said, highlighting that these types of cyberattacks have impacts far beyond just the companies that are compromised. “It is a full-scale supply chain threat.”
Such crimes can create massive disruptions to supply chains and cost companies billions, with criminals stealing everything from energy drinks to electronics. Cargo theft losses increased by 27% in 2024 and are predicted to rise another 22% in 2025, according to the National Insurance Crime Bureau, which estimates that cargo theft amounts to US$35 billion in annual losses.
Larson and threat researcher Ole Villadsen, co-author of the report, first noticed a criminal group carrying out cyberattacks on cargo companies in 2024, and they have since found evidence of at least three distinct groups using such methods. In the last two months, the researchers have observed nearly two dozen campaigns.
See also: Optus CEO Stephen Rue stands his ground in fiery probe into fatal outage
“It’s kind of like a constellation of different threat groups,” Larson said, adding that the cybercrime-enabled heists can be lucrative and challenging to combat. “It really requires a lot of effort on law enforcement, on businesses, on the end user to sort of say, ‘Okay, this is where we’re seeing all these things, and here’s how we can tackle this problem as a collective.’”
The cyber-enabled heists rely on social engineering and a knowledge of how the industry works, allowing hackers successfully pass as insiders, according to Proofpoint. The criminals look to exploit supply chain technology intended to move cargo more efficiently.
One tactic the groups use is compromising load boards, marketplaces that facilitate bookings for carriers. When a carrier responds to the posting, the hackers send an email containing a malicious link.
See also: Big Tech earnings reveal cracks in case for massive AI spending
On July 10, hackers sent an email to a carrier company that had responded to a fraudulent load post from a broker company, according to the report. The email claimed the carrier was “ready to go,” with a pickup and drop off window and load weight. The email linked to an “online setup packet,” which was a malicious link.
Demand is high for shipping loads, and so carriers will jump on new loads “like flies to soup,” Villadsen said. The problem is that carriers are moving fast in order to secure the load, and so they may not think twice about clicking on the link, especially since it looks like it’s being sent from a trusted broker.
“There’s a huge sense of urgency to get loads, and dispatchers — the ones who are usually trying to get the loads for the companies — they’re willing to throw caution to the wind if it means they might be able to get a load,” Villadsen said.
The most targeted commodities are food and beverages, according to the report. Larson said energy drinks are often stolen and shipped overseas because some of them are banned or restricted outside the US.
While the attacks that the researchers discuss in their report relate to North American cargo theft, they say this is a global problem. It’s not exactly clear where the hackers are operating from, but Villadsen said there are indications they could be located in Russia or Eastern Europe.
The entire criminal chain of these cargo attacks represents a “marriage of cybercrime and organised crime,” Villadsen said.
Uploaded by Magessan Varatharaja
