TRACE Cyber Intelligence Pulse - 7 November 2025


Cyber threats do not wait for you to catch up. Stay ahead with CyXcel’s weekly threat intelligence foresight, grounded in real-world incident response and powered by our fusion of legal, technical and strategic expertise.

Edited by: Samuel Kudláč, Senior Analyst, and Danny Howett, Technical Director – Digital Forensics and Incident Response.

Sam Kudlac

In Focus

Cybercriminals Target Freight and Trucking Companies in Cargo Theft Operations

Since at least June 2025, cybercriminals have targeted North America-based trucking and freight companies through phishing campaigns to compromise load board accounts, post fraudulent cargo listings and coordinate physical theft of the cargo.

Researchers have observed over 20 campaigns since September 2025, targeting a wide range of entities including both small family carriers and large integrated logistics providers.

Specifically, threat actors were observed using phishing to deliver remote monitoring and management (RMM) tools, giving them a foothold on the marketplaces where carriers book freight. They then deployed credential harvesting tools, stole dispatcher access, booked legitimate shipments under the compromised identities and finally physically stole the cargo.

Key Takeaways

Cargo theft causes an estimated USD 34 billion in losses every year and is primarily driven by organized crime groups. Digital transformation of supply chains has created new attack vectors, with cyber-enabled theft emerging as the dominant method since the COVID-19 pandemic accelerated digitization of the logistics and e-commerce sectors. The US National Insurance Crime Bureau reports that cargo theft increased 27 percent in 2024, with another 22 percent rise projected for 2025.

The threat actors have demonstrated detailed knowledge of freight brokerage operations, exploiting the inherent trust in load board communications. Using legitimate RMM tools lets them evade detection more easily than traditional remote access trojans would. This aligns with broader trends in the cybercriminal landscape, as threat actors increasingly favor legitimate software as a first-stage payload.

These operations create cascading supply chain disruptions affecting multiple industries, including consumer goods and electronics. Stolen cargo typically enters illicit resale markets online or is shipped overseas, generating substantial criminal revenue while imposing direct financial losses on carriers and indirect costs through insurance claims, delivery delays and reputational damage.

Because of the increasing volume and sophistication of these campaigns, it is highly likely that cybercriminals are systematically scaling their operational tempo. Organizations in the transportation and logistics sectors are advised to restrict installation of unapproved RMM tools, monitor network traffic for unauthorized connections and enforce strict controls on executable file downloads. We also recommend specialized staff training focusing on identifying fraudulent load postings and highly targeted spear phishing.
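The controls recommended above (restricting unapproved RMM tools and watching for their execution) can be expressed as a simple endpoint detection rule. The script below is an added example, not CyXcel's code or tooling: it runs an RMM allowlist policy over a few constructed process-creation events and flags RMM binaries that are unapproved, that execute from a user-writable path, or that were spawned directly by a mail client or browser. The log format, the list of RMM executable names, the single approved product and its install root are all assumptions to be replaced with an organization's own inventory.

```python
import re
from dataclasses import dataclass, field

# Constructed sample endpoint telemetry (not from the newsletter): one
# process-creation event per line, key=value style. Backslashes are literal.
SAMPLE_EVENTS = r"""
2025-11-03T09:12:44Z host=DISPATCH-07 user=jdoe image=C:\Users\jdoe\Downloads\AnyDesk.exe parent=OUTLOOK.EXE
2025-11-03T09:15:02Z host=DISPATCH-07 user=jdoe image=C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE parent=explorer.exe
2025-11-03T10:40:11Z host=OPS-02 user=svc_it image=C:\Program Files\Atera Networks\AteraAgent\AteraAgent.exe parent=services.exe
2025-11-03T11:02:57Z host=BROKER-03 user=msmith image=C:\Users\msmith\AppData\Local\Temp\ScreenConnect.ClientSetup.exe parent=chrome.exe
2025-11-03T11:30:00Z host=OPS-02 user=svc_it image=C:\Windows\System32\svchost.exe parent=services.exe
"""

# Illustrative executable names of common RMM / remote access tools.
# Assumption: populate this from your own CMDB and vendor documentation;
# the newsletter itself names no specific products.
RMM_BINARIES = {
    "anydesk.exe", "teamviewer.exe", "screenconnect.clientsetup.exe",
    "ateraagent.exe", "rustdesk.exe", "splashtopstreamer.exe",
}

# Assumption: the organisation has sanctioned exactly one RMM product, and
# it must run from an administrator-controlled install root.
APPROVED_RMM = {"ateraagent.exe"}
APPROVED_INSTALL_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\")

# Parent processes that indicate the binary was launched straight from an
# e-mail client or browser download, the delivery path phishing relies on.
DELIVERY_PARENTS = {"outlook.exe", "chrome.exe", "msedge.exe", "firefox.exe"}

# Path fragments marking user-writable locations from which no approved
# agent should ever execute.
USER_WRITABLE_MARKERS = ("\\users\\", "\\temp\\", "\\appdata\\")

EVENT_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) "
    r"image=(?P<image>.+?) parent=(?P<parent>\S+)$"
)


@dataclass
class Finding:
    ts: str
    host: str
    user: str
    image: str
    severity: str
    reasons: list = field(default_factory=list)


def parse_event(line):
    """Return the event fields as a dict, or None if the line is malformed."""
    m = EVENT_RE.match(line.strip())
    return m.groupdict() if m else None


def evaluate(event):
    """Apply the RMM allowlist policy to one parsed event.

    Returns a Finding when the event violates policy, else None. Non-RMM
    binaries are ignored entirely so the rule stays quiet on normal activity.
    """
    image = event["image"]
    basename = image.rsplit("\\", 1)[-1].lower()
    if basename not in RMM_BINARIES:
        return None

    lowered = image.lower()
    reasons = []
    if basename not in APPROVED_RMM:
        reasons.append("unapproved RMM tool")
    elif not lowered.startswith(APPROVED_INSTALL_ROOTS):
        reasons.append("approved RMM tool outside its sanctioned install root")
    if any(marker in lowered for marker in USER_WRITABLE_MARKERS):
        reasons.append("executing from a user-writable path")
    if event["parent"].lower() in DELIVERY_PARENTS:
        reasons.append(f"spawned by {event['parent']} (mail/browser download)")

    if not reasons:
        return None
    # An unapproved tool combined with a delivery indicator is the
    # phishing-to-RMM pattern described above: rate it high, anything
    # with a single indicator medium.
    severity = "high" if len(reasons) > 1 else "medium"
    return Finding(event["ts"], event["host"], event["user"], image, severity, reasons)


def scan(text):
    """Run the policy over newline-separated events; returns the findings."""
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        event = parse_event(line)
        if event is None:
            continue
        finding = evaluate(event)
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"[{f.severity.upper()}] {f.ts} {f.host} {f.user} {f.image}")
        for r in f.reasons:
            print(f"    - {r}")
```

On the constructed sample the rule raises two high-severity findings (the AnyDesk download launched from Outlook and the ScreenConnect installer launched from Chrome) and stays silent on the sanctioned agent running from Program Files. In practice the same logic maps directly onto Sysmon event ID 1 or EDR process-creation telemetry, and the allowlist check should be paired with application control so that unapproved RMM installers are blocked rather than merely reported.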

Danny Howett

Around the Globe

EU: Data Brokers Sell Geolocation Data of EU Officials

Investigative journalists purchased and analyzed location data for hundreds of European Commission and Parliament officials from data brokers, exposing gaps in the enforcement of EU privacy laws. The datasets revealed movement profiles, private addresses and sensitive locations linked to senior officials, prompting new operational security measures and incident notification guidance for EU staff.

UK: Drinking Water Suppliers in the UK Report Five Cyber Incidents Since 2024

Since January 2024, UK drinking water suppliers have suffered five breaches, the highest number of incidents reported to the Drinking Water Inspectorate in any two-year period. The incidents affected non-critical systems and have not disrupted water supply. They were reported voluntarily, since the current regulatory threshold only mandates breach disclosure when essential services are disrupted.

US: Two Ransomware Negotiators Indicted for Conducting Ransomware Breaches

Two former cybersecurity professionals were indicted in the US for ransomware and extortion operations against multiple firms in the manufacturing and pharmaceutical sectors. It is claimed they used the ALPHV (BlackCat) ransomware in 2023 to demand USD 10 million in ransom, receiving over USD 1.2 million from one victim.

CyXcel TRACE

We Can Help

Expand your threat intelligence monitoring capabilities beyond the dark web with support from CyXcel’s TRACE team. Contact our experts today to find out more.

Photo by Mohammad Honarmand on Unsplash.