Emerging ThreatsMalware & Ransomware

FBI Warns of Surging Cyber-Enabled Cargo Theft Attacks

Analyst 207||Source: BleepingComputer
Semi-truck and trailer in a brightly-lit shipping yard with cargo containers in the background.

"The Federal Bureau of Investigation is publishing this Public Service Announcement (PSA) to warn the public of cyber threat actors increasingly using sophisticated, cyber-enabled tactics to impersonate legitimate businesses to hijack freight, steal high-value shipments, and reroute deliveries, resulting in a surge of strategic cargo theft," the FBI warned.

Scale of the losses: nearly $725 million in 2025

The bureau's alert quantifies a fast-moving problem: estimated losses from cyber-enabled cargo theft in the United States and Canada reached nearly $725 million in 2025, a 60% increase from the prior year. Confirmed cargo-theft incidents rose 18% last year, while the average value per theft jumped 36% to $273,990 — a sign, the FBI says, that criminals are increasingly selective, going after higher-value loads.

How attackers are hijacking shipments

The FBI lays out a multi-stage playbook used by threat actors. Attackers first gain access to freight brokers' and carriers' systems through spoofed emails and fake web links — techniques the bureau says have been used since at least 2024. Phishing sites install remote monitoring software, giving intruders undetected access to accounts and internal systems.

Once inside, criminals post tens of thousands of fake freight listings to online load boards, impersonate legitimate companies, and trick carriers into downloading malicious files. Using stolen carrier identities, they then accept real shipments and reroute loads to complicit drivers. Cargo is frequently stolen for resale, and in some cases criminals demand ransoms for the location of diverted loads. The FBI also reports that threat actors alter compromised carriers' registration details with the Federal Motor Carrier Safety Administration (FMCSA) and update insurance records to mask their activity until brokers report missing shipments booked in the carrier's name.

An industry monitoring platform underscored the point: in February, Have I Been Squatted reported that the financially motivated group Diesel Vortex was stealing credentials from freight and logistics operators in the U.S. and Europe in phishing attacks that had been running since September 2025 and were using 52 domains.

FBI mitigation advice for freight brokers and carriers

To disrupt the chain of compromise, the FBI's PSA offers concrete steps. It urges transportation and logistics companies to verify all shipment requests through secondary channels, implement and enforce multi-factor authentication when possible, validate unexpected communications using a two-factor authentication process, and maintain detailed records of all vehicles and drivers. The bureau also recommends that victims file a complaint with the Internet Crime Complaint Center (IC3) in addition to filing police reports for stolen cargo.

Related cybercrime context: IC3 and the 2025 Internet Crime Report

The FBI released its 2025 Internet Crime Report earlier in the month. According to the report, IC3 received over 1 million complaints in 2025, linked to nearly $21 billion in reported losses from a range of cyber-enabled crimes, including investment scams, tech support fraud, business email compromise, and data breaches. The PSA identifies the transportation and logistics sectors specifically as targets — covering companies involved in shipping, receiving, delivering, and insuring cargo.

How freight brokers and carriers, insurers, and the FMCSA will be affected

  • Freight brokers and carriers: The FBI's advisory makes clear these organizations must treat load-board listings and unexpected booking notices with heightened suspicion, verify requests via secondary channels, and harden access with multi-factor authentication to reduce credential theft and account takeover.
  • Insurers and underwriters: Because attackers have been updating insurance records and carrier registrations, insurers should expect attempts to alter policy and registration data; the PSA implies a need for stricter validation of policy changes tied to carrier identities.
  • The Federal Motor Carrier Safety Administration (FMCSA) and law enforcement: The FBI reports attackers are altering FMCSA registration details, which will complicate attribution and response. FMCSA records and police reports will likely be necessary tools for detecting and unraveling these schemes once brokers alert authorities to missing shipments.

The FBI's PSA frames cyber-enabled cargo theft not as isolated fraud but as a coordinated campaign that combines credential theft, impersonation on load boards, administrative tampering with regulatory and insurance records, and on-the-ground diversion. Losses approaching $725 million and an average theft value near $274,000 show the financial scale; the bureau's guidance — verify, authenticate, document, and report to IC3 and police — is the current line of defense the agency offers to an industry now squarely in attackers' sights.

Original story

CanadaEmerging ThreatsFbiFinancial CrimeSupply ChainTransportationUnited StatesCargo TheftCyber-Enabled Cargo TheftNationwide Threats
Related Intelligence

Continue Reading

Law enforcement officials stand near a podium with symbolic objects, including a laptop and papers, in a brightly-lit…

FBI dismantles $1.9B China cybercrime network

In a major breakthrough, the FBI, with the help of Google and Lumen Technologies, has dismantled a massive $1.9 billion China-based cybercrime network that impersonated trusted brands to scam hundreds of thousands of victims. This coordinated takedown, part of Operation Riptide, seized key infrastructure and domains used by the group.

Analyst 207
University campus scene with students walking near a building, laptop on a bench.

ShinyHunters Exploits Oracle Flaw to Breach Universities

A zero-day flaw in Oracle PeopleSoft PeopleTools, known as CVE-2026-35273, has been exploited by ShinyHunters, potentially infiltrating over 100 organizations, with universities being the hardest hit. This vulnerability allows attackers to execute remote code and take over affected servers, posing a significant threat to higher education institutions.

Analyst 207
Defendant sits in federal court with blurred face, hands visible, in front of judge's bench and US flag.

Conti Ransomware Member Pleads Guilty to Cybercrimes

A longtime member of the notorious Conti ransomware group has pleaded guilty to cybercrimes in federal court, marking a major win for justice after the defendant's attacks caused millions of dollars in damage to people and businesses worldwide. Oleksii Oleksiyovych Lytvynenko, a 44-year-old Ukrainian national, admitted to developing malware and participating in Conti's ransomware campaign.

Analyst 207
Federal officials stand near a large screen in a government briefing room.

Authorities Disrupt Massive Deepfake Porn Site in Global Operation

In a major global crackdown, authorities have shut down a notorious deepfake porn site that was profiting from the humiliation, exploitation, and violation of personal privacy of thousands of women, including celebrities and public figures. The site's massive collection of AI-altered images and videos has been seized, putting an end to its large-scale trafficking of digital forgeries.

Analyst 207