How Hackers Turned Tech Support Tools Into Freight-Stealing Machines

Cybercriminals Turn Remote IT Tools Into Weapons Against the Trucking Industry

The420 Web Desk

A new wave of cyberattacks is quietly disrupting North America’s trucking and logistics networks. Security researchers say hackers are exploiting legitimate remote-management software to infiltrate transport systems, manipulate freight operations, and ultimately steal real cargo — all while evading traditional cybersecurity

A New Breed of Freight Hijackers

Bad actors are increasingly focusing their attention on trucking and logistics companies, lured by the potential to turn digital access into physical profit. According to researchers at Proofpoint, the attackers deploy remote monitoring and management (RMM) software — normally used by IT departments for maintenance and troubleshooting — to gain control over corporate networks.

Once inside, they move laterally across systems, conduct reconnaissance, and deploy credential-harvesting tools such as WebBrowserPassView to dig deeper. In at least one instance documented by Proofpoint, hackers reportedly deleted legitimate bookings, blocked dispatcher alerts, and inserted their own device extensions to re-book shipments under compromised carriers’ names, enabling them to coordinate the theft of physical goods.


Legitimate Tools, Malicious Ends

Unlike traditional malware, these campaigns rely on legitimate software like ScreenConnect, SimpleHelp, PDQ Connect, and LogMeIn Resolve. These remote-access programs are signed, widely used, and often evade antivirus detection.

“It’s fairly easy for threat actors to create and distribute attacker-owned remote monitoring tools,” Proofpoint noted in a March 2025 report. “Because they are often used as legitimate pieces of software, end users might be less suspicious of installing them.”

The strategy offers a double advantage: it removes the need for custom malware while flying under the radar of enterprise security systems. Once embedded, the tools give attackers persistence and visibility that traditional trojans struggle to maintain.

Freight Fraud and Supply-Chain Deception

The latest campaign mirrors a string of earlier attacks disclosed in September 2024 that also targeted North American transport companies. Back then, information-stealing malware such as Lumma Stealer, StealC, and NetSupport RAT was used to hijack conversations, manipulate freight listings, and defraud carriers.

In the new wave, attackers have refined their methods. Proofpoint observed that hackers use compromised email accounts to post fake freight listings, sending malicious URLs to carriers who respond. The tactic exploits the trust and urgency that define freight negotiations — a single malicious click can install RMM software that opens a backdoor into company systems.

These intrusions have been linked to fraudulent freight brokerage activity, with hackers inserting themselves into logistics chains, spoofing dispatchers, and manipulating load boards to divert shipments.
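Because the tools involved are signed and legitimate, defenders have to look at where and how they appear rather than at the binaries themselves. The following Python example is added here and is not code from Proofpoint or the original article: it flags the RMM products named above on hosts where they are not sanctioned, records whether a browser launched them, and correlates a later WebBrowserPassView run on the same host. The event schema, host names, approved-tool inventory, match substrings and 24-hour window are all assumptions.

```python
import json
from datetime import datetime, timedelta

# Match keys derived from the product names in the article (assumed substrings,
# not vendor-published file names; replace with values from your own inventory).
RMM_KEYS = {"screenconnect": "ScreenConnect", "simplehelp": "SimpleHelp",
            "pdq connect": "PDQ Connect", "logmein resolve": "LogMeIn Resolve"}
CRED_TOOL = "webbrowserpassview"
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}
APPROVED = {("DISPATCH-01", "ScreenConnect")}  # hypothetical (host, sanctioned tool) inventory
WINDOW = timedelta(hours=24)                   # assumed correlation window

# Constructed process-creation events in a hypothetical schema (not real telemetry).
SAMPLE = """
{"ts": "2025-01-06T09:00:00", "host": "DISPATCH-01", "product": "ScreenConnect Client", "image": "client_service.exe", "parent": "services.exe"}
{"ts": "2025-01-06T10:15:00", "host": "CARRIER-07", "product": "SimpleHelp Remote Access", "image": "load_details.exe", "parent": "msedge.exe"}
{"ts": "2025-01-06T11:00:00", "host": "ACCT-03", "product": "PDQ Connect Agent", "image": "setup.exe", "parent": "explorer.exe"}
{"ts": "2025-01-06T12:40:00", "host": "CARRIER-07", "product": "WebBrowserPassView", "image": "wbpv.exe", "parent": "cmd.exe"}
{"ts": "2025-01-08T15:00:00", "host": "ACCT-03", "product": "WebBrowserPassView", "image": "wbpv.exe", "parent": "cmd.exe"}
""".splitlines()

def rmm_product(event):
    """Return the RMM product name if the event's product or image field matches a key."""
    text = (event["product"] + " " + event["image"]).lower()
    return next((name for key, name in RMM_KEYS.items() if key in text), None)

def detect(lines):
    """Return (host, rule, detail) alerts for unsanctioned RMM use and follow-on credential harvesting."""
    alerts, rmm_seen = [], {}
    events = sorted((json.loads(l) for l in lines if l.strip()), key=lambda e: e["ts"])
    for e in events:
        ts = datetime.fromisoformat(e["ts"])
        name = rmm_product(e)
        if name and (e["host"], name) not in APPROVED:
            rmm_seen[e["host"]] = ts  # remember when the unsanctioned tool appeared
            via = "browser download" if e["parent"].lower() in BROWSERS else "other parent"
            alerts.append((e["host"], "unapproved_rmm", f"{name} via {via}"))
        elif CRED_TOOL in (e["product"] + " " + e["image"]).lower():
            first = rmm_seen.get(e["host"])
            if first and ts - first <= WINDOW:  # only correlate inside the window
                alerts.append((e["host"], "cred_harvest_after_rmm", e["image"]))
    return alerts
```

The sanctioned ScreenConnect install on DISPATCH-01 produces no alert, which is the point of keeping an inventory: the same product is routine on one host and an intrusion indicator on another.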

Digital Access, Physical Theft

Proofpoint researchers believe this “threat cluster,” active since at least June 2025, is working in tandem with organized crime groups to bridge the gap between cyber and physical theft. Once hackers gain network access, their criminal partners on the ground intercept real cargo — particularly food and beverage shipments, which are easier to offload or resell.

“The stolen cargo most likely is sold online or shipped overseas,” researchers Ole Villadsen and Selena Larson wrote in a report. “In observed campaigns, threat actors aim to infiltrate companies and use their fraudulent access to bid on real shipments of goods to ultimately steal them.”

The blending of digital intrusion and physical heist marks a troubling evolution in the global logistics threat landscape — one where a hacked email can lead, quite literally, to a truck disappearing off the highway.
