惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
A
About on SuperTechFans
IT之家
IT之家
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
Blog — PlanetScale
Blog — PlanetScale
aimingoo的专栏
aimingoo的专栏
云风的 BLOG
云风的 BLOG
The GitHub Blog
The GitHub Blog
Vercel News
Vercel News
G
Google Developers Blog
J
Java Code Geeks
宝玉的分享
宝玉的分享
T
Tailwind CSS Blog
Cloudbric
Cloudbric
L
LINUX DO - 最新话题
MyScale Blog
MyScale Blog
H
Heimdal Security Blog
PCI Perspectives
PCI Perspectives
Attack and Defense Labs
Attack and Defense Labs
S
Security @ Cisco Blogs
Latest news
Latest news
I
Intezer
L
Lohrmann on Cybersecurity
C
CXSECURITY Database RSS Feed - CXSecurity.com
月光博客
月光博客
T
Threatpost
博客园 - 【当耐特】
S
Schneier on Security
P
Privacy International News Feed
G
GRAHAM CLULEY
T
Tenable Blog
AWS News Blog
AWS News Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
雷峰网
雷峰网
博客园 - Franky
Engineering at Meta
Engineering at Meta
美团技术团队
S
Secure Thoughts
T
Troy Hunt's Blog
Microsoft Security Blog
Microsoft Security Blog
SecWiki News
SecWiki News
V
Visual Studio Blog
人人都是产品经理
人人都是产品经理
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Cisco Talos Blog
Cisco Talos Blog
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Martin Fowler
Martin Fowler
Webroot Blog
Webroot Blog
Google DeepMind News
Google DeepMind News
H
Hackread – Cybersecurity News, Data Breaches, AI and More

Proofpoint News Feed

New Cargo Theft Surge: From Lobster Heists To Bourbon Warehouse Scams Defending the Authentication Flow: Device Code Phishing with Selena Larson Proofpoint Joins the OpenAI Daybreak Cyber Partner Program to Advance Responsible AI-Powered Cyber Defense | Proofpoint US OpenAI Lets Cyber Vendors Embed GPT-5.5 in Defenses Suspected North Korean actors use fake ‘coding assignments’ to steal crypto China-Linked TA4922 Expands Phishing Attacks to U.K., Germany, Italy, and South Africa Proofpoint Introduces Active Exploits Protection to Help Organizations Prioritize Vulnerability Patching for Real-World Attacks in the AI Era | Proofpoint US Verizon DBIR: Healthcare Fends Off Increased Social Engineering Attacks Proofpoint Integrates with the Claude Compliance API to Extend Data Security and Governance to Claude | Proofpoint US Proofpoint Launches Dedicated MSP Business Unit and Introduces 365 Total Protection for North America | Proofpoint US The spy who logged me in. - YouTube Proofpoint Establishes Innovation Precedent for Source-Agnostic Modern Enterprise Investigations | Proofpoint US The Most Powerful Women Of The Channel 2026: Power 100 AI Security Gaps Create New MSSP Opportunity: Proofpoint Claude Mythos Fears Startle Japan's Financial Services Sector Proofpoint Research Reveals Half of Global Organizations Experienced AI Incidents Despite Having AI Security Controls in Place | Proofpoint US AI-Era Threats Spread Beyond Email Into SaaS, Collaboration Apps, and AI Assistants Clear market trend for software providers to help with AI: Proofpoint CEO - YouTube Freight Hacker Wields Code-Signing Service to Evade Defenses - YouTube FIFA World Cup 2026: More than One-Third of Official Partners Expose the Public to the Risk of Email Fraud | Proofpoint US Microsoft 365 mailbox rules abused for exfiltration, persistence AI Security Risks: Proofpoint CSO Ryan Kalember, Live at RSAC 2026 Axios Future of Cybersecurity: Russians suspected of using iPhone spyware 15 Top Cybersecurity CEOs On The Future Of AI Agents: RSAC 2026 How AI Agents Are Redefining the Insider Risk Threat Model 5 Ways To Protect Enterprise Value During A Merger Or Acquisition CUBE Events 20 Coolest AI And Security Products At RSAC 2026 Proofpoint Redefines Email and Data Security for the Agentic Workspace | Proofpoint US Proofpoint Pursues FedRAMP High Authorization Process for Collaboration Security | Proofpoint US Proofpoint Unveils Industry’s Newest Intent-Based AI Security Solution to Protect Enterprise AI Agents | Proofpoint US
Cargo thieving hackers running sophisticated remote access campaigns, researchers find
2026-04-16 · via Proofpoint News Feed

Security researchers recently spent a month getting a first-hand look at the activity of cybercriminals targeting the trucking and logistics industry.

The researchers, from cybersecurity firm Proofpoint, previously described how threat actors gain access to companies in the shipping industry to steal cargo and siphon payments — but their new research sought to answer the question of what exactly happens after they get their feet in the door. 

The work sheds light on the growing threat of cyber-enabled cargo theft and its links to organized crime. Losses from cargo theft in North America rose to $6.6 billion in 2025, driven largely by digital attacks, according to the fleet management company Geotab.

“It’s a huge problem beyond just one actor or one country,” said Ole Villadsen, one of the Proofpoint researchers.  

Using a controlled decoy environment, his team intentionally downloaded a malicious payload sent by email to transportation carriers after the cybercriminals had compromised a load board platform, a marketplace where freight brokers and shippers connect to arrange the movement of cargo. 

After getting access, the cybercriminals installed six separate remote access tools, including four ScreenConnect instances, which researchers believe was an attempt to maintain remote control in case any of them were taken down. 

The last downloaded ScreenConnect tool presented a surprise: the use of a script that automatically queried an external certificate signing service. This enabled all installed components to be signed with a certificate that Windows perceived to be trusted. 

“This was a new capability that we were lucky enough to encounter,” said Villadsen. He believes the “signing-as-a-service” tool is an adaptation to recent security efforts by ScreenConnect to revoke existing certificates and require new instances of the software to sign an installer, which “disrupted the whole RMM [remote monitoring and management] ecosystem significantly.”

“So rather than everybody trying to create their own certificate, we can have this kind of secret little signing-as-a-service process,” he said. “Not only was the MSI [Microsoft Installer] signed, but it would also go out and replace all the component files and re-sign them as well. The whole thing was thought out pretty well.” 

Another thing that jumped out to Villadsen was the way in which the hackers seemed to not just be working to steal cargo but also to carry out “broader financial targeting and theft.”

They scanned for cryptocurrency wallets and manually checked for PayPal credentials. A PowerShell script on the infected device scanned for access points to financial institutions, money transfer services and online accounting platforms. It also searched for load management and freight brokerage platforms, as well as fuel card providers.  

“They know the transportation industry really, really well for sure, and know how to target that particular space,” he said. “But they're also cybercriminals, and they're looking for any way that they can monetize a workstation that they've landed on.” 

While this threat group is one of the most prolific at infiltrating load boards to deliver payloads, it is one of many cashing in on a vulnerable space. Villadsen says he and his team are tracking about a dozen different groups targeting the sector in North America and in Europe. 

With the vast majority of carriers being small enterprises with fewer than 10 trucks, they may not have robust cybersecurity defenses. By targeting them through load boards, hackers can infiltrate dozens or even hundreds of carriers at a time. 

“It’s an industry that unfortunately presents itself well to cyber intrusions and being able to escalate or scale the theft really well,” he said.

Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

Recorded Future

No previous article

No new articles

James Reddick

James Reddick

has worked as a journalist around the world, including in Lebanon and in Cambodia, where he was Deputy Managing Editor of The Phnom Penh Post. He is also a radio and podcast producer for outlets like Snap Judgment.