North American trucking and logistics RMM social-engineering campaign
Campaign
Summary
North American trucking and logistics companies are facing an active social-engineering campaign that uses fraudulent freight lures, email thread hijacking, and malicious links to gain access to victim systems. The attackers install RMM/RAS tools such as ScreenConnect, SimpleHelp, and LogMeIn Resolve to take remote control after initial compromise. They also use credential harvesting to deepen access and support cargo theft and account compromise. The activity has been observed since at least June 2025, with related campaigns going back to January 2025 and nearly two dozen campaigns seen in September and October 2025.
Related Happenings
Cyber-enabled cargo theft is surging across transportation and logistics in 2025
Target Trend
First: 30.04.2026 19:32
Last: 30.04.2026 19:32
Sources 1
About this happening:
**Cyber-enabled cargo theft** is surging across **transportation and logistics**, driving nearly **$725 million** in estimated losses in the **U.S. and Canada** and materially inc...
Tax-season credential phishing and RMM malware campaign
Campaign
First: 30.03.2026 18:00
Last: 30.03.2026 18:00
Sources 1
About this happening:
A **tax-themed** cyber campaign is using **credential phishing**, **remote monitoring and management (RMM) tools**, and **fraud lures** to target people handling **financial data*...
Greenvelope phishing-to-LogMeIn Resolve dual-vector campaign
Campaign
First: 23.01.2026 13:18
Last: 23.01.2026 13:18
Sources 1
About this happening:
A **dual-vector phishing campaign** is using **fake Greenvelope invitations** and **stolen credentials** to establish **persistent remote access** on compromised hosts, turning le...
ScreenConnect and NetSupport abuse for freight cargo hijacking
Malware Activity
First: 03.11.2025 18:46
Last: 03.11.2025 18:46
Sources 1
About this happening:
Malicious deployment of **ScreenConnect**, **NetSupport**, and related **RMM tools** is giving attackers remote control over **freight-broker** and **trucking carrier** systems, e...
Repeated malicious campaigns targeting North American freight companies in September-October 2025
Target Trend
First: 03.11.2025 17:00
Last: 03.11.2025 17:00
Sources 1
How related:
Proofpoint has observed nearly two dozen campaigns targeting North American freight companies in September and October 2025, with volumes ranging from fewer than 10 to over 1000 messages per campaign.
About this happening:
**North American freight companies** faced a sustained surge of malicious campaign activity in **September and October 2025**, with operators running **nearly two dozen campaigns*...
Timeline
03.11.2025 17:00 2 articles · 6mo ago
Proofpoint identifies cargo theft campaigns targeting North American trucking and logistics companies
Initial Disclosure
Proofpoint identified active malicious campaigns targeting transportation, trucking, and logistics companies in North America, where threat actors use social engineering, compromised load boards, email thread hijacking, and direct email campaigns to deliver malicious URLs and install RMM/RAS tools such as ScreenConnect, SimpleHelp, PDQ Connect, Fleetdeck, N-able, and LogMeIn Resolve; the activity also includes credential harvesting with WebBrowserPassView and is associated with suspected cargo theft. Proofpoint said the threat cluster has been active since at least June 2025, with related campaigns going back to January 2025 and nearly two dozen campaigns seen in September and October 2025.
Sources:
- Hackers Help Organized Crime Groups in Cargo Freight Heists, Researchers Find — www.infosecurity-magazine.com — 03.11.2025 17:00