It is well known by now that cybercrime can have real-world consequences leading to financial losses, but those losses usually come in the form of stolen data rather than more concrete theft. However, this is not always the case: sometimes digital theft is the precursor to physical theft. This rare confluence of cybercrime and conventional crime was recently made public in a report from Proofpoint, which describes digital threat actors working together with organized crime groups in elaborate attack chains with the goal of stealing physical high-value cargo from freight and shipping organizations.
The activity cluster in question was first observed in June 2025, but there is evidence that similar campaigns have been ongoing since as early as 2024. The bulk of the cluster focused on cargo theft in North America, but investigators believe similar attacks are occurring in Brazil, Mexico, India, Germany, and South Africa. The attack method primarily revolves around compromising accounts on freight load boards, online marketplaces where carriers bid on shipments. The threat actor begins by posting a fraudulent shipment listing. Carriers responding to the posting become targets: they receive phishing emails or links, often leading to a malicious payload that delivers remote monitoring and management (RMM) tools such as ScreenConnect, SimpleHelp, LogMeIn, and N-able to the target device. Using this access, the attacker conducts reconnaissance, harvests credentials, and deepens access in the victim’s network, then uses that access to bid on real shipments under the victim’s identity or divert loads for theft.
These attacks have serious consequences. According to reports from the National Insurance Crime Bureau, cargo theft losses increased 27 percent in 2024 and are expected to increase another 22 percent this year. It is estimated that this cargo theft leads to 34 billion USD in losses annually. The threat is not only to big businesses: the attackers in this campaign are opportunistic and will go after small family-owned shipping companies and large-scale freight businesses equally. Organizations in transport, freight brokerage, and supply chain logistics must treat RMM abuse as a serious threat vector and implement strong controls accordingly.
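One control that follows from the attack chain described above is alerting when an RMM tool that IT has not sanctioned appears on a host, and escalating when it appears shortly after an email-borne download. The sketch below is an added example, not code from the Proofpoint report; the event schema, host names, file names, approved list and 30-minute window are all assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# RMM products named in the article, matched case-insensitively in a product string.
RMM_PRODUCTS = ("screenconnect", "simplehelp", "logmein", "n-able")
APPROVED = {"logmein"}          # assumption: the only RMM tool this org's IT sanctions
WINDOW = timedelta(minutes=30)  # assumption: correlation window after an email download

# Constructed sample events; hypothetical schema: (time, host, kind, detail).
EVENTS = [
    ("2025-06-10T09:02:00", "dispatch-01", "email_download", "rate_confirmation.exe"),
    ("2025-06-10T09:05:30", "dispatch-01", "install", "ScreenConnect Client"),
    ("2025-06-10T10:15:00", "acct-02", "install", "LogMeIn Client"),
    ("2025-06-10T11:00:00", "ops-03", "install", "SimpleHelp Remote Access"),
    ("2025-06-10T13:40:00", "ops-04", "email_download", "invoice.pdf"),
    ("2025-06-10T15:00:00", "ops-04", "install", "N-able Agent"),
]

def rmm_product(detail):
    """Return the known RMM product named in an install record, or None."""
    low = detail.lower()
    return next((p for p in RMM_PRODUCTS if p in low), None)

def find_rmm_alerts(events, approved=APPROVED, window=WINDOW):
    """Flag unapproved RMM installs; severity is high if one follows an email download."""
    last_download = {}  # host -> (time, filename) of most recent email-borne download
    alerts = []
    for ts, host, kind, detail in sorted(events):  # ISO timestamps sort chronologically
        when = datetime.fromisoformat(ts)
        if kind == "email_download":
            last_download[host] = (when, detail)
            continue
        product = rmm_product(detail) if kind == "install" else None
        if product is None or product in approved:
            continue  # not an RMM tool, or one IT has sanctioned
        prior = last_download.get(host)
        linked = prior is not None and when - prior[0] <= window
        alerts.append({
            "host": host,
            "product": product,
            "severity": "high" if linked else "medium",
            "lure": prior[1] if linked else None,
        })
    return alerts

if __name__ == "__main__":
    for alert in find_rmm_alerts(EVENTS):
        print(alert)
```

In practice the install records would come from EDR or software-inventory telemetry, and the approved list from the organization's own IT policy.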