Cybercriminals Target Logistics Networks
Cybercriminals exploit remote monitoring tools to infiltrate logistics and freight networks, aiming to steal valuable cargo for profit. According to a recent report from researchers, these attacks have been active since June 2025. The threat actors are believed to be working with organized crime groups that specialize in large-scale cargo theft.
Their main targets are companies in the surface transportation industry, including trucking firms, freight brokers, and supply chain providers. The most commonly stolen items include food and beverage goods, which are easier to resell online or ship overseas.
How the Attacks Begin
Researchers found that the attackers use phishing emails and compromised accounts to trick logistics workers. For example, they hijack legitimate business conversations or create fake freight listings using hacked accounts. This tactic exploits the trust and urgency of the logistics industry, where quick deals are common.
When victims click on malicious links, they unknowingly download infected MSI installers or executable files. These files then install legitimate remote monitoring and management (RMM) tools such as ScreenConnect, SimpleHelp, PDQ Connect, Fleetdeck, N-able, or LogMeIn Resolve. Because these programs are trusted in business environments, they rarely trigger antivirus warnings.
How Cybercriminals Use RMM Tools
Once access is gained, attackers use RMM software to explore company systems. They conduct network reconnaissance and install tools like WebBrowserPassView to steal login credentials. This allows them to gain deeper access into internal systems.
In one reported case, the attackers deleted existing bookings, blocked dispatcher notifications, and even added their own device to the company’s phone system. They then booked and transported loads under the company’s name, successfully stealing the cargo without immediate detection.
A Growing Trend in 2025
Since August 2025, at least two dozen similar campaigns have been detected. These attacks affect both small family-run businesses and large freight companies. Cybercriminals also use stolen information from previous breaches to identify valuable loads and plan future thefts.
The use of legitimate RMM software gives attackers several advantages. For example, it removes the need to create new malware and helps them evade detection. Moreover, these tools are often digitally signed, making them appear safe to users and security systems alike.
Why RMM Tools Are Hard to Detect
Because RMM programs are widely used for legitimate IT management, many employees trust them. Attackers exploit this trust to deploy their own attacker-controlled installations unnoticed. Researchers warn that such tools often bypass antivirus scans and network filters, allowing cybercriminals to operate silently for weeks.
Additionally, combining multiple RMM tools, such as using PDQ Connect to deploy ScreenConnect, makes detection even harder and increases the attackers' control over compromised systems.
How to Prevent These Attacks
Companies can reduce their risk by training employees to identify phishing emails and verifying all digital freight listings before acting. Regular network audits, strong access controls, and multi-factor authentication also help block unauthorized access.
Advanced cybersecurity solutions can monitor for abnormal RMM activity, detect misuse of remote access tools, and isolate infected systems automatically. Continuous monitoring and real-time threat detection can prevent hackers from manipulating or stealing logistics data.
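One way to check for abnormal RMM activity, added here as an illustrative example (it is not taken from the researchers' report): a small triage pass over process-creation records that flags RMM tools outside an approved list, one RMM tool launching another, and MSI installs started from user-writable folders. The record fields (host, image, parent_image, command_line), the keyword matching, the approved list and all sample values are assumptions made for this example.

```python
import re

# Path keywords for the RMM products named in the article. Substring matching
# is an assumption of this example; signer/product metadata is more robust.
RMM_KEYWORDS = {
    "screenconnect": "ScreenConnect", "simplehelp": "SimpleHelp",
    "pdq": "PDQ Connect", "fleetdeck": "Fleetdeck",
    "n-able": "N-able", "logmein": "LogMeIn Resolve",
}
USER_WRITABLE = re.compile(r"\\(downloads|appdata|temp)\\", re.IGNORECASE)

def rmm_tool(text):
    """Return the RMM product whose keyword appears in text, else None."""
    low = (text or "").lower()
    return next((name for kw, name in RMM_KEYWORDS.items() if kw in low), None)

def triage(events, approved):
    """Return (host, rule, detail) findings for process-creation records."""
    findings = []
    for ev in events:
        child = rmm_tool(ev["image"]) or rmm_tool(ev["command_line"])
        if child is None:
            continue  # not RMM-related
        parent = rmm_tool(ev["parent_image"])
        if child not in approved:
            findings.append((ev["host"], "unapproved_rmm", child))
        if parent and parent != child:  # one RMM tool deploying another
            findings.append((ev["host"], "rmm_chain", f"{parent} -> {child}"))
        if "msiexec" in ev["image"].lower() and USER_WRITABLE.search(ev["command_line"]):
            findings.append((ev["host"], "msi_from_user_path", child))
    return findings

# Constructed sample records; hosts, users and paths are invented for illustration.
SAMPLE = [
    {"host": "DISPATCH-01", "image": r"C:\Windows\System32\msiexec.exe",
     "parent_image": r"C:\Program Files\Browser\browser.exe",
     "command_line": r'msiexec /i "C:\Users\kim\Downloads\load_simplehelp.msi"'},
    {"host": "BROKER-07", "image": r"C:\Apps\ScreenConnect\client.exe",
     "parent_image": r"C:\Apps\PDQ\connect-agent.exe", "command_line": ""},
    {"host": "IT-02", "image": r"C:\Apps\PDQ\connect-agent.exe",
     "parent_image": r"C:\Windows\System32\services.exe", "command_line": ""},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE, approved={"PDQ Connect"}):
        print(finding)
```

The rmm_chain rule fires even when both tools are approved, because an approved tool deploying a second one is the layering pattern described above.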

