惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

The Cloudflare Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
T
The Blog of Author Tim Ferriss
G
Google Developers Blog
小众软件
小众软件
J
Java Code Geeks
V
Visual Studio Blog
The Register - Security
The Register - Security
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
罗磊的独立博客
美团技术团队
阮一峰的网络日志
阮一峰的网络日志
V
V2EX
博客园 - 叶小钗
N
Netflix TechBlog - Medium
月光博客
月光博客
aimingoo的专栏
aimingoo的专栏
大猫的无限游戏
大猫的无限游戏
T
The Exploit Database - CXSecurity.com
The Hacker News
The Hacker News
Cisco Talos Blog
Cisco Talos Blog
Hacker News: Ask HN
Hacker News: Ask HN
Hacker News - Newest:
Hacker News - Newest: "LLM"
AWS News Blog
AWS News Blog
Webroot Blog
Webroot Blog
The Last Watchdog
The Last Watchdog
T
Threatpost
I
Intezer
T
Tenable Blog
L
LINUX DO - 热门话题
T
Tailwind CSS Blog
Scott Helme
Scott Helme
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
C
Cybersecurity and Infrastructure Security Agency CISA
Engineering at Meta
Engineering at Meta
S
Schneier on Security
Recent Announcements
Recent Announcements
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
F
Fortinet All Blogs
腾讯CDC
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
T
Troy Hunt's Blog
量子位
H
Hacker News: Front Page
V2EX - 技术
V2EX - 技术
Google Online Security Blog
Google Online Security Blog
人人都是产品经理
人人都是产品经理
博客园 - 【当耐特】
博客园 - Franky
www.infosecurity-magazine.com
www.infosecurity-magazine.com

Proofpoint News Feed

The Hacker News Hackers find a new trick to collect Microsoft Entra user data without raising red flags Suspected Chinese snoops caught breaking into universities New Cargo Theft Surge: From Lobster Heists To Bourbon Warehouse Scams Defending the Authentication Flow: Device Code Phishing with Selena Larson Proofpoint Joins the OpenAI Daybreak Cyber Partner Program to Advance Responsible AI-Powered Cyber Defense | Proofpoint US OpenAI Lets Cyber Vendors Embed GPT-5.5 in Defenses Suspected North Korean actors use fake ‘coding assignments’ to steal crypto China-Linked TA4922 Expands Phishing Attacks to U.K., Germany, Italy, and South Africa Proofpoint Introduces Active Exploits Protection to Help Organizations Prioritize Vulnerability Patching for Real-World Attacks in the AI Era | Proofpoint US Verizon DBIR: Healthcare Fends Off Increased Social Engineering Attacks Proofpoint Integrates with the Claude Compliance API to Extend Data Security and Governance to Claude | Proofpoint US Proofpoint Launches Dedicated MSP Business Unit and Introduces 365 Total Protection for North America | Proofpoint US The spy who logged me in. - YouTube Proofpoint Establishes Innovation Precedent for Source-Agnostic Modern Enterprise Investigations | Proofpoint US The Most Powerful Women Of The Channel 2026: Power 100 AI Security Gaps Create New MSSP Opportunity: Proofpoint Claude Mythos Fears Startle Japan's Financial Services Sector Proofpoint Research Reveals Half of Global Organizations Experienced AI Incidents Despite Having AI Security Controls in Place | Proofpoint US AI-Era Threats Spread Beyond Email Into SaaS, Collaboration Apps, and AI Assistants Clear market trend for software providers to help with AI: Proofpoint CEO - YouTube Freight Hacker Wields Code-Signing Service to Evade Defenses - YouTube FIFA World Cup 2026: More than One-Third of Official Partners Expose the Public to the Risk of Email Fraud | Proofpoint US Microsoft 365 mailbox rules abused for exfiltration, persistence AI Security Risks: Proofpoint CSO Ryan Kalember, Live at RSAC 2026 Axios Future of Cybersecurity: Russians suspected of using iPhone spyware 15 Top Cybersecurity CEOs On The Future Of AI Agents: RSAC 2026 How AI Agents Are Redefining the Insider Risk Threat Model 5 Ways To Protect Enterprise Value During A Merger Or Acquisition CUBE Events 20 Coolest AI And Security Products At RSAC 2026 Proofpoint Redefines Email and Data Security for the Agentic Workspace | Proofpoint US Proofpoint Pursues FedRAMP High Authorization Process for Collaboration Security | Proofpoint US Proofpoint Unveils Industry’s Newest Intent-Based AI Security Solution to Protect Enterprise AI Agents | Proofpoint US
Cargo thieving hackers running sophisticated remote access campaigns, researchers find
2026-04-16 · via Proofpoint News Feed

Security researchers recently spent a month getting a first-hand look at the activity of cybercriminals targeting the trucking and logistics industry.

The researchers, from cybersecurity firm Proofpoint, previously described how threat actors gain access to companies in the shipping industry to steal cargo and siphon payments — but their new research sought to answer the question of what exactly happens after they get their feet in the door. 

The work sheds light on the growing threat of cyber-enabled cargo theft and its links to organized crime. Losses from cargo theft in North America rose to $6.6 billion in 2025, driven largely by digital attacks, according to the fleet management company Geotab.

“It’s a huge problem beyond just one actor or one country,” said Ole Villadsen, one of the Proofpoint researchers.  

Using a controlled decoy environment, his team intentionally downloaded a malicious payload sent by email to transportation carriers after the cybercriminals had compromised a load board platform, a marketplace where freight brokers and shippers connect to arrange the movement of cargo. 

After getting access, the cybercriminals installed six separate remote access tools, including four ScreenConnect instances, which researchers believe was an attempt to maintain remote control in case any of them were taken down. 

The last downloaded ScreenConnect tool presented a surprise: the use of a script that automatically queried an external certificate signing service. This enabled all installed components to be signed with a certificate that Windows perceived to be trusted. 

“This was a new capability that we were lucky enough to encounter,” said Villadsen. He believes the “signing-as-a-service” tool is an adaptation to recent security efforts by ScreenConnect to revoke existing certificates and require new instances of the software to sign an installer, which “disrupted the whole RMM [remote monitoring and management] ecosystem significantly.”

“So rather than everybody trying to create their own certificate, we can have this kind of secret little signing-as-a-service process,” he said. “Not only was the MSI [Microsoft Installer] signed, but it would also go out and replace all the component files and re-sign them as well. The whole thing was thought out pretty well.” 

Another thing that jumped out to Villadsen was the way in which the hackers seemed to not just be working to steal cargo but also to carry out “broader financial targeting and theft.”

They scanned for cryptocurrency wallets and manually checked for PayPal credentials. A PowerShell script on the infected device scanned for access points to financial institutions, money transfer services and online accounting platforms. It also searched for load management and freight brokerage platforms, as well as fuel card providers.  

“They know the transportation industry really, really well for sure, and know how to target that particular space,” he said. “But they're also cybercriminals, and they're looking for any way that they can monetize a workstation that they've landed on.” 

While this threat group is one of the most prolific at infiltrating load boards to deliver payloads, it is one of many cashing in on a vulnerable space. Villadsen says he and his team are tracking about a dozen different groups targeting the sector in North America and in Europe. 

With the vast majority of carriers being small enterprises with fewer than 10 trucks, they may not have robust cybersecurity defenses. By targeting them through load boards, hackers can infiltrate dozens or even hundreds of carriers at a time. 

“It’s an industry that unfortunately presents itself well to cyber intrusions and being able to escalate or scale the theft really well,” he said.

Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

Recorded Future

No previous article

No new articles

James Reddick

James Reddick

has worked as a journalist around the world, including in Lebanon and in Cambodia, where he was Deputy Managing Editor of The Phnom Penh Post. He is also a radio and podcast producer for outlets like Snap Judgment.