PULSE NAME
Remote access, real cargo: cybercriminals targeting trucking and logistics
WHITE AlienVault 2025-11-03 Modified: 2025-12-03
40 IOCs
MEDIUM VOLUME
Cybercriminals are targeting trucking and logistics companies to steal cargo freight through elaborate attack chains. They compromise companies and use their access to bid on cargo shipments, which they then steal and sell. The threat actors typically deliver remote monitoring and management (RMM) tools as a first-stage payload. This cyber-enabled theft is part of a multi-million-dollar criminal enterprise that has increased due to digital transformation. The attackers use tactics such as compromising load boards, email thread hijacking, and direct targeting via email campaigns. They deliver RMM tools like ScreenConnect, SimpleHelp, and PDQ Connect, which grant full control of compromised machines. The activity has been observed since at least June 2025, with nearly two dozen campaigns in the last two months alone.
MITRE ATT&CK & Malware Families
MALWARE FAMILIES
ScreenConnect, SimpleHelp, PDQ Connect, Fleetdeck, N-able, LogMeIn Resolve, NetSupport, DanaBot, Lumma Stealer, StealC
Indicators of Compromise (40)