Cyber Gang Exploits Logistics Platforms Across US and Europe

Russian Cyber Gang “Diesel Vortex” Targets Logistics Sector, Steals Over 1,600 Credentials

The420 Correspondent

New Delhi | Global cybersecurity agencies have exposed a major phishing operation linked to a Russian-associated cybercrime group called “Diesel Vortex,” which reportedly stole more than 1,600 login credentials by targeting the logistics and transportation sector. According to reports, the group was active between September 2025 and February 2026 and focused on several freight and trucking companies across the United States and Europe.

The cyber campaign targeted users of major logistics platforms including DAT Truckstop, Penske Logistics, Electronic Funds Source (EFS), and Timocom. Security experts said the group operated under an organised criminal model and attempted to sell phishing access to other cybercriminals through a network branded as “MC Profit Always.”

The attackers used spear-phishing emails and voice phishing calls to target logistics professionals. Reports suggest that the criminals created fake websites resembling platforms commonly used by transport company employees. Through this method, they were able to intercept login credentials as well as multi-factor authentication (MFA) codes in real time.

Cybersecurity investigations also revealed that the group used Telegram channels to target professionals in the freight sector. The attackers sent fake website links directing users to phishing login pages where email IDs, passwords, and security codes were secretly recorded. The stolen data was later used to redirect shipment routes, commit financial fraud, and carry out check fraud activities.

Investigators uncovered the operation after identifying a suspicious domain cluster. Analysts discovered an exposed Git directory on a phishing server containing the group’s source code, victim database, internal communications, and future operational plans. The data provided crucial insights into the structure of the cybercrime network.

By February 2026, approximately 52 phishing domains were reportedly active, targeting more than 75,000 contact emails. In addition, around 35 potential electronic funds transfer fraud attempts were identified. Experts said the campaign was not limited to password theft but also extended to invoice fraud and double-brokering schemes.

The cybercriminals designed the phishing websites to closely mimic legitimate platforms, giving users the impression of accessing a trusted service. The setup relied on two domains: the first appeared as a legitimate-looking website, while the actual phishing content was loaded inside a hidden browser frame. This technique helped bypass traditional security warning systems.

Security experts advised users to adopt FIDO2 hardware security keys or device-bound passkeys for protection, as real-time phishing attacks can bypass traditional OTP and SMS-based authentication systems. Monitoring typosquatted domains and deploying DNS filtering solutions were also recommended.
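
A sketch of the typosquat monitoring recommended above, added here as an illustration and not taken from the investigation or from any vendor tool: it flags look-alike hostnames in a feed of newly observed domains. The brand tokens come from the platform names in this article; the allowlist, the `.example` hostnames and the function names are constructed placeholders.

```python
import re

# Brand tokens from the platforms named in the article. Short names (DAT, EFS)
# are left out because 3-letter tokens produce too many false positives.
BRANDS = ["truckstop", "penske", "timocom"]
# Placeholder allowlist: substitute the organisation's real login domains.
ALLOWLIST = {"truckstop.example", "penske.example", "timocom.example"}
# Digit-for-letter swaps commonly used in look-alike names.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain):
    """Return (brand, reason) for a suspicious hostname, else None."""
    d = domain.lower().rstrip(".")
    if any(d == a or d.endswith("." + a) for a in ALLOWLIST):
        return None
    labels = d.split(".")[:-1]  # assumption: the last label is the TLD
    for raw in re.split(r"[.-]", ".".join(labels)):
        tok = raw.translate(HOMOGLYPHS)
        for brand in BRANDS:
            if brand in raw:
                return (brand, "brand-keyword")
            if brand in tok:
                return (brand, "homoglyph")
            if abs(len(tok) - len(brand)) <= 1 and edit_distance(tok, brand) == 1:
                return (brand, "typo")
    return None

def scan(feed):
    """Map each flagged hostname in the feed to its (brand, reason)."""
    return {d: hit for d in feed if (hit := classify(d))}

# Constructed sample feed (e.g. from CT logs or a newly-registered-domain list).
SAMPLE = ["login.timocom.example", "timoc0m-login.example",
          "penske-logistics-portal.example", "trukstop.example",
          "freight-news.example"]

if __name__ == "__main__":
    for host, (brand, reason) in scan(SAMPLE).items():
        print(f"{host}: imitates {brand} ({reason})")
```

Flagged hostnames can then be fed into the DNS filtering blocklist mentioned above after analyst review.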

The cyber campaign has raised serious concerns about supply chain cybersecurity across the global logistics industry. Experts warn that cybercriminal groups may increasingly target supply-chain-dependent sectors in the future. International security agencies are continuing investigations to identify other possible individuals associated with the network.

About the author — Suvedita Nath is a science student with a growing interest in cybercrime and digital safety. She writes on online activity, cyber threats, and technology-driven risks. Her work focuses on clarity, accuracy, and public awareness.
