Cybercriminals targeting trucking and logistics

A U.S. Customs and Border Protection officer stands by to conduct visual inspection of vehicles prior to them passing through a Mobile VACIS system at a Seattle port of entry on Sept. 14, 2010. (Donna Burton/CBP)

By OLE VILLADSEN, SELENA LARSON AND PROOFPOINT RESEARCHERS • Nov 03, 2025

Proofpoint is tracking a cluster of cybercriminal activity that targets trucking and logistics companies and infects them with RMM tooling for financial gain. Based on our ongoing investigations paired with open-source information, Proofpoint assesses with high confidence that the threat actors are working with organized crime groups to compromise entities in the surface transportation industry — in particular trucking carriers and freight brokers — to hijack cargo freight, leading to the theft of physical goods. The stolen cargo most likely is sold online or shipped overseas. Such crimes can create massive disruptions to supply chains and cost companies millions, with criminals stealing everything from energy drinks to electronics.

In the observed campaigns, threat actors aim to infiltrate companies and use their fraudulent access to bid on real shipments of goods to ultimately steal them. The observed campaigns described in this report are similar to activity Proofpoint researchers previously detailed in September 2024. However, we cannot assess with high confidence whether historic and current campaigns are conducted by the same or multiple groups; thus, Proofpoint is not attributing the activity to a tracked threat actor.

According to the National Insurance Crime Bureau, cargo theft leads to $34 billion in losses annually. Cargo theft can refer to many different types of activities leading to the theft of commercial shipments while cargo is in transit. Much of this activity is conducted by organized criminal groups, according to U.S. law enforcement, and Congress has introduced legislation to combat organized retail theft as it has skyrocketed since the COVID-19 pandemic. (Cargo theft conducted by organized crime has been a problem for decades – from “Old West Train Robbers” to 1960s mobsters to our modern cyber-enabled heists.) Proofpoint previously published details on a similar type of cybercrime targeting cargo that impersonates various companies to steal medical and electronic equipment.