惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

量子位
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Y
Y Combinator Blog
阮一峰的网络日志
阮一峰的网络日志
人人都是产品经理
人人都是产品经理
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
IT之家
IT之家
美团技术团队
博客园_首页
Hugging Face - Blog
Hugging Face - Blog
Last Week in AI
Last Week in AI
G
GRAHAM CLULEY
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
T
Tenable Blog
雷峰网
雷峰网
T
Tor Project blog
酷 壳 – CoolShell
酷 壳 – CoolShell
Project Zero
Project Zero
Spread Privacy
Spread Privacy
A
Arctic Wolf
I
Intezer
AWS News Blog
AWS News Blog
W
WeLiveSecurity
Cyberwarzone
Cyberwarzone
S
Security @ Cisco Blogs
Apple Machine Learning Research
Apple Machine Learning Research
博客园 - 三生石上(FineUI控件)
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
博客园 - 聂微东
博客园 - 叶小钗
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
爱范儿
爱范儿
S
Schneier on Security
Hacker News: Ask HN
Hacker News: Ask HN
有赞技术团队
有赞技术团队
NISL@THU
NISL@THU
月光博客
月光博客
J
Java Code Geeks
V
Visual Studio Blog
罗磊的独立博客
宝玉的分享
宝玉的分享
T
Tailwind CSS Blog
P
Privacy & Cybersecurity Law Blog
S
SegmentFault 最新的问题
H
Heimdal Security Blog
大猫的无限游戏
大猫的无限游戏
Know Your Adversary
Know Your Adversary
The Cloudflare Blog
Scott Helme
Scott Helme
Webroot Blog
Webroot Blog

Proofpoint News Feed

New Cargo Theft Surge: From Lobster Heists To Bourbon Warehouse Scams Defending the Authentication Flow: Device Code Phishing with Selena Larson Proofpoint Joins the OpenAI Daybreak Cyber Partner Program to Advance Responsible AI-Powered Cyber Defense | Proofpoint US OpenAI Lets Cyber Vendors Embed GPT-5.5 in Defenses Suspected North Korean actors use fake ‘coding assignments’ to steal crypto China-Linked TA4922 Expands Phishing Attacks to U.K., Germany, Italy, and South Africa Proofpoint Introduces Active Exploits Protection to Help Organizations Prioritize Vulnerability Patching for Real-World Attacks in the AI Era | Proofpoint US Verizon DBIR: Healthcare Fends Off Increased Social Engineering Attacks Proofpoint Integrates with the Claude Compliance API to Extend Data Security and Governance to Claude | Proofpoint US Proofpoint Launches Dedicated MSP Business Unit and Introduces 365 Total Protection for North America | Proofpoint US The spy who logged me in. - YouTube Proofpoint Establishes Innovation Precedent for Source-Agnostic Modern Enterprise Investigations | Proofpoint US The Most Powerful Women Of The Channel 2026: Power 100 AI Security Gaps Create New MSSP Opportunity: Proofpoint Claude Mythos Fears Startle Japan's Financial Services Sector Proofpoint Research Reveals Half of Global Organizations Experienced AI Incidents Despite Having AI Security Controls in Place | Proofpoint US AI-Era Threats Spread Beyond Email Into SaaS, Collaboration Apps, and AI Assistants Clear market trend for software providers to help with AI: Proofpoint CEO - YouTube Freight Hacker Wields Code-Signing Service to Evade Defenses - YouTube FIFA World Cup 2026: More than One-Third of Official Partners Expose the Public to the Risk of Email Fraud | Proofpoint US Microsoft 365 mailbox rules abused for exfiltration, persistence AI Security Risks: Proofpoint CSO Ryan Kalember, Live at RSAC 2026 Axios Future of Cybersecurity: Russians suspected of using iPhone spyware 15 Top Cybersecurity CEOs On The Future Of AI Agents: RSAC 2026 How AI Agents Are Redefining the Insider Risk Threat Model 5 Ways To Protect Enterprise Value During A Merger Or Acquisition CUBE Events 20 Coolest AI And Security Products At RSAC 2026 Proofpoint Redefines Email and Data Security for the Agentic Workspace | Proofpoint US Proofpoint Pursues FedRAMP High Authorization Process for Collaboration Security | Proofpoint US Proofpoint Unveils Industry’s Newest Intent-Based AI Security Solution to Protect Enterprise AI Agents | Proofpoint US
Cargo thieving hackers running sophisticated remote access campaigns, researchers find
2026-04-16 · via Proofpoint News Feed

Security researchers recently spent a month getting a first-hand look at the activity of cybercriminals targeting the trucking and logistics industry.

The researchers, from cybersecurity firm Proofpoint, previously described how threat actors gain access to companies in the shipping industry to steal cargo and siphon payments — but their new research sought to answer the question of what exactly happens after they get their feet in the door. 

The work sheds light on the growing threat of cyber-enabled cargo theft and its links to organized crime. Losses from cargo theft in North America rose to $6.6 billion in 2025, driven largely by digital attacks, according to the fleet management company Geotab.

“It’s a huge problem beyond just one actor or one country,” said Ole Villadsen, one of the Proofpoint researchers.  

Using a controlled decoy environment, his team intentionally downloaded a malicious payload sent by email to transportation carriers after the cybercriminals had compromised a load board platform, a marketplace where freight brokers and shippers connect to arrange the movement of cargo. 

After getting access, the cybercriminals installed six separate remote access tools, including four ScreenConnect instances, which researchers believe was an attempt to maintain remote control in case any of them were taken down. 

The last downloaded ScreenConnect tool presented a surprise: the use of a script that automatically queried an external certificate signing service. This enabled all installed components to be signed with a certificate that Windows perceived to be trusted. 

“This was a new capability that we were lucky enough to encounter,” said Villadsen. He believes the “signing-as-a-service” tool is an adaptation to recent security efforts by ScreenConnect to revoke existing certificates and require new instances of the software to sign an installer, which “disrupted the whole RMM [remote monitoring and management] ecosystem significantly.”

“So rather than everybody trying to create their own certificate, we can have this kind of secret little signing-as-a-service process,” he said. “Not only was the MSI [Microsoft Installer] signed, but it would also go out and replace all the component files and re-sign them as well. The whole thing was thought out pretty well.” 

Another thing that jumped out to Villadsen was the way in which the hackers seemed to not just be working to steal cargo but also to carry out “broader financial targeting and theft.”

They scanned for cryptocurrency wallets and manually checked for PayPal credentials. A PowerShell script on the infected device scanned for access points to financial institutions, money transfer services and online accounting platforms. It also searched for load management and freight brokerage platforms, as well as fuel card providers.  

“They know the transportation industry really, really well for sure, and know how to target that particular space,” he said. “But they're also cybercriminals, and they're looking for any way that they can monetize a workstation that they've landed on.” 

While this threat group is one of the most prolific at infiltrating load boards to deliver payloads, it is one of many cashing in on a vulnerable space. Villadsen says he and his team are tracking about a dozen different groups targeting the sector in North America and in Europe. 

With the vast majority of carriers being small enterprises with fewer than 10 trucks, they may not have robust cybersecurity defenses. By targeting them through load boards, hackers can infiltrate dozens or even hundreds of carriers at a time. 

“It’s an industry that unfortunately presents itself well to cyber intrusions and being able to escalate or scale the theft really well,” he said.

Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

Recorded Future

No previous article

No new articles

James Reddick

James Reddick

has worked as a journalist around the world, including in Lebanon and in Cambodia, where he was Deputy Managing Editor of The Phnom Penh Post. He is also a radio and podcast producer for outlets like Snap Judgment.