Such crimes can create massive disruptions to supply chains and cost companies billions, with criminals stealing everything from energy drinks to electronics.
Cargo theft losses increased by 27% in 2024 and are predicted to rise another 22% in 2025, according to the United States National Insurance Crime Bureau, which estimates that cargo theft amounts to US$35 billion ($61b) in annual losses.
Different threats
Larson and threat researcher Ole Villadsen, co-author of the report, first noticed a criminal group carrying out cyberattacks on cargo companies in 2024, and they have since found evidence of at least three distinct groups using such methods.
In the last two months, the researchers have observed nearly two dozen campaigns.
“It’s kind of like a constellation of different threat groups,” Larson said, adding that the cybercrime-enabled heists can be lucrative and challenging to combat.
“It really requires a lot of effort on law enforcement, on businesses, on the end user to sort of say, ‘Okay, this is where we’re seeing all these things, and here’s how we can tackle this problem as a collective.’”
The cyber-enabled heists rely on social engineering and a knowledge of how the industry works, allowing hackers to successfully pass as insiders, according to Proofpoint.
Exploit technology
The criminals look to exploit supply chain technology intended to move cargo more efficiently.
One tactic the groups use is compromising load boards, marketplaces that facilitate bookings for carriers.
When a carrier responds to a fraudulent load posting, the hackers send an email containing a malicious link that installs remote access software on the carrier company’s systems.
Remote access software is often a legitimate tool that businesses can use for such things as troubleshooting their own systems, the researchers said.
On October 7, hackers sent an email to a carrier company that had responded to a fraudulent load post from a broker company, according to the report.
The email claimed the carrier was “ready to go”, with a pick-up and drop-off window and load weight. The email linked to an “online set-up packet”, which was a malicious link.
Demand is high for shipping loads, and so carriers will jump on new loads “like flies to soup”, Villadsen said.
The problem is that carriers are moving fast in order to secure the load, and so they may not think twice about clicking on the link, especially since it looks like it’s being sent from a trusted broker.
“There’s a huge sense of urgency to get loads, and dispatchers – the ones who are usually trying to get the loads for the companies – they’re willing to throw caution to the wind if it means they might be able to get a load,” Villadsen said.
Global problem
The most targeted commodities are food and beverages, according to the report.
Larson said energy drinks are often stolen and shipped overseas because some of them are banned or restricted outside the US.
While the attacks that the researchers discuss in their report relate to North American cargo theft, they say this is a global problem.
It’s not exactly clear where the hackers are operating from, but Villadsen said there are indications they could be located in Russia or Eastern Europe.
The entire criminal chain of these cargo attacks represents a “marriage of cybercrime and organised crime”, Villadsen said.