The logistics sector, a vital link in global commerce, has become the latest target of cybercriminals. According to a recent report by Proofpoint, criminal groups are using legitimate Remote Monitoring and Management (RMM) tools to infiltrate transportation companies and steal physical goods—especially food and beverages.
What’s most concerning is that these attacks don’t aim to steal digital assets but tangible cargo, blending cybercrime with traditional freight fraud. In short, criminals are leveraging technology to deceive, manipulate systems, and steal truckloads of products.
According to Proofpoint, this new wave of attacks began around June 2025 and clearly shows collaboration between cybercrime groups and organized criminal networks. Their goal is to infiltrate ground transportation businesses—freight carriers, brokers, and logistics operators—to hijack cargo and resell it online or ship it abroad.
Researchers Ole Villadsen and Selena Larson explain that attackers impersonate legitimate identities to participate in real shipment auctions. Once they win, they divert the cargo through illicit channels.
While it’s unclear if these attacks are tied to 2024 campaigns involving malware like Lumma Stealer, StealC, or NetSupport RAT, the methods are similar: email spoofing, remote access software installation, and credential theft.
It all starts with something seemingly harmless: a compromised legitimate email. Cybercriminals intercept real conversations between operators and carriers, gain the recipient’s trust, and send malicious links disguised as quotes or shipping documents.
These links lead to MSI or executable files that install fully legitimate remote monitoring tools such as:
Unlike traditional malware, these tools aren’t flagged as threats by antivirus software since they’re widely used in enterprise environments. In fact, many are digitally signed and distributed with valid licenses.
In some cases, attackers even chain multiple RMM tools together—for example, using PDQ Connect to install ScreenConnect and SimpleHelp in tandem for deeper system access.
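As an added example (not code from Proofpoint's report or from TecnetOne), the Python below shows how a defender could surface this pattern in process-creation telemetry: an RMM tool outside the approved list, one RMM tool installing another, and several RMM tools stacked on one host. The keyword patterns, host names, file paths and the approved list are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Keyword patterns for the products named in the article. Assumption for
# illustration: tune these to the binary names in your own telemetry.
RMM_PATTERNS = {
    "PDQ Connect": re.compile(r"pdq[\s_-]?connect", re.I),
    "ScreenConnect": re.compile(r"screenconnect", re.I),
    "SimpleHelp": re.compile(r"simplehelp", re.I),
}

def rmm_family(text):
    """Return the RMM product a path or command line refers to, or None."""
    for name, pattern in RMM_PATTERNS.items():
        if pattern.search(text or ""):
            return name
    return None

def detect(events, approved):
    """Flag unapproved RMM tools, RMM-installs-RMM chains, stacked tools."""
    findings, per_host = [], defaultdict(set)
    for host, parent_image, image, command_line in events:
        child = rmm_family(image) or rmm_family(command_line)
        if child is None:
            continue
        parent = rmm_family(parent_image)
        per_host[host].add(child)
        if child not in approved:
            findings.append((host, "unapproved_rmm", child))
        if parent and parent != child:
            findings.append((host, "rmm_chain", f"{parent} -> {child}"))
    for host, tools in sorted(per_host.items()):
        if len(tools) > 1:
            findings.append((host, "multiple_rmm", ", ".join(sorted(tools))))
    return findings

# Constructed process-creation events: (host, parent image, image, command line).
PDQ = r"C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exe"
MSI = r"C:\Windows\System32\msiexec.exe"
SAMPLE_EVENTS = [
    ("DISPATCH-01", r"C:\Windows\explorer.exe", MSI,
     r"msiexec /i C:\Users\ops\Downloads\quote-PDQConnectAgent.msi"),
    ("DISPATCH-01", PDQ, MSI, r"msiexec /i C:\Windows\Temp\ScreenConnect.msi /qn"),
    ("DISPATCH-01", PDQ, r"C:\Windows\Temp\SimpleHelp-setup.exe", "/S"),
    ("IT-02", r"C:\Windows\System32\services.exe",
     r"C:\Program Files (x86)\ScreenConnect Client\ScreenConnect.ClientService.exe", ""),
]

if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS, approved={"ScreenConnect"}):
        print(finding)
```

The chain finding fires even when the installed tool is on the approved list, because an approved product deployed by an unapproved one is still not an installation IT performed.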
With remote access secured, attackers explore the corporate network to understand how internal operations work. Their next steps usually include:
In one documented case, attackers deleted existing bookings and blocked dispatch alerts. They then added their own devices to the company’s phone system, impersonated the legitimate carrier, and booked new shipments under the compromised operator’s name. The result: trucks loaded with stolen goods and rerouted without anyone noticing.
The choice to use RMM tools is strategic. These platforms offer key advantages to attackers:
Proofpoint notes that it’s relatively easy to create customized versions of these programs and distribute them without raising flags. Many users install them, thinking they’re legitimate support or maintenance tools.
In short: hackers are using the same tools IT teams rely on—only for criminal purposes.
The logistics sector is particularly vulnerable due to its complexity: thousands of vendors, constant email communication, and high trust between parties.
The urgency of operations—tight delivery schedules, last-minute changes, multiple routes—creates an ideal environment for attackers to exploit pressure and haste.
One breach can give cybercriminals access to routes, invoices, cargo lists, and customer data—or even control the physical flow of goods.
In most cases, the stolen cargo is resold online or exported abroad using forged documentation. High-demand items include food, beverages, pharmaceuticals, and electronics.
At TecnetOne, we understand that the blend of digital and physical crime is one of today’s most dangerous threats. To reduce the risk, we recommend:
In practice, cybersecurity in logistics is as important as locking a shipping container. Securing the route is useless if the management system can be manipulated remotely.
These attacks prove that the line between digital and physical crime is fading. Criminals are no longer just stealing data or cryptocurrency—they’re after real-world goods, leveraging automation and supply chain connectivity.
Most concerning is that they’re using legitimate tools, not malware. This demands a mindset shift: it’s no longer enough to rely on antivirus software. You must understand the context and intent behind every connection or app.
The same tech used to optimize routes, monitor fleets, or track shipments in real time can also be hijacked by attackers to control an entire logistics operation.
At TecnetOne, we believe the key lies in visibility and intelligent prevention. A secure digital environment isn’t just about software—it’s about the awareness of those who use it.
If you work in transportation, logistics, or supply chain, now is the time to review your protocols and reinforce your defenses. The next shipment at risk could be yours.