FBI Links Cybercriminals to Sharp Surge in Cargo Theft Attacks
What happened
The FBI issued a public service announcement on April 30, 2026, warning the US transportation and logistics industry of a sharp rise in cyber-enabled cargo theft, with estimated losses in the United States and Canada reaching nearly $725 mil
Edtech Firm Instructure Discloses Cyber Incident, Probes Impact
What happened
The FBI issued a public service announcement on April 30, 2026, warning the US transportation and logistics industry of a sharp rise in cyber-enabled cargo theft, with estimated losses in the United States and Canada reaching nearly $725 million in 2025. That represents a 60% increase over the prior year. Confirmed cargo theft incidents rose 18% in 2025, while the average value per theft grew 36% to $273,990, reflecting more selective targeting of high-value loads.
The FBI describes a multi-stage attack chain that has been active since at least 2024. Attackers first compromise freight broker or carrier accounts through phishing sites that install remote monitoring software, gaining persistent, undetected access. They then post fraudulent freight listings on load boards, tricking legitimate carriers into downloading malicious files, and accept real shipments under stolen carrier identities. Loads are rerouted to complicit drivers and stolen for resale. In some cases, criminals also demand ransoms for the location of diverted shipments.
The attack extends beyond the immediate theft. Threat actors alter the compromised carrier’s registration details with the Federal Motor Carrier Safety Administration and update insurance records, meaning legitimate companies often do not discover they have been compromised until brokers report missing shipments booked in their name. The Diesel Vortex threat group was identified in February as running a related campaign targeting freight and logistics operators in the US and Europe through phishing attacks using 52 domains, active since September 2025.
Who is affected
Shippers, freight brokers, carriers, and logistics companies across the US and Canadian transportation sector are directly targeted. Insurers covering cargo and carriers whose identities are stolen and used to accept fraudulent shipments face secondary exposure. The FBI noted that companies involved in shipping, receiving, delivering, and insuring cargo are all within the threat actors’ targeting scope.
Why CISOs should care
Cyber-enabled cargo theft has crossed into organized crime territory, with groups running multi-stage operations that combine credential theft, account compromise, identity fraud against federal carrier registries, and physical logistics manipulation. The modification of FMCSA registration records is a particularly significant escalation, as it weaponizes a government database to legitimize fraudulent operations and delay discovery.
For security leaders in logistics, manufacturing, or any sector with significant freight dependencies, this FBI warning is a signal that supply chain risk now extends to the physical movement of goods through digitally compromised intermediaries.
3 practical actions
Implement MFA on all freight broker and carrier platform accounts and load board access: The attack chain begins with credential compromise through phishing. MFA on accounts with access to load boards, shipment systems, and carrier registration platforms directly interrupts the initial access phase of the documented attack pattern.
Establish out-of-band verification for all unexpected shipment requests and carrier communications: The FBI specifically recommends verifying shipment requests through secondary channels. Implement a policy requiring phone or in-person verification for any load booking, carrier identity confirmation, or routing change that arrives through email or digital platforms, particularly from unfamiliar contacts.
Monitor FMCSA registration records for unauthorized changes to your carrier profile: Attackers modify carrier registration details to legitimize fraudulent operations under stolen identities. Establish a routine check of your FMCSA carrier profile for unauthorized changes to contact information, insurance records, or operating authority, and set up alerts where the registry allows it.
Also in the news today:
The post FBI Links Cybercriminals to Sharp Surge in Cargo Theft Attacks appeared first on CISO Whisperer.
*** This is a Security Bloggers Network syndicated blog from CISO Whisperer authored by Evan Rowe. Read the original post at: https://cisowhisperer.com/fbi-links-cybercriminals-to-sharp-surge-in-cargo-theft-attacks/?utm_source=rss&utm_medium=rss&utm_campaign=fbi-links-cybercriminals-to-sharp-surge-in-cargo-theft-attacks
About Author
