446/68 Wednesday, November 5, 2025
Cybersecurity researchers are warning that cybercriminals are abusing Remote Monitoring and Management (RMM) tools such as ScreenConnect, SimpleHelp, PDQ Connect, and LogMeIn Resolve to infiltrate transportation carriers and freight brokerage companies. Attackers install remote-control software through malicious links or phishing emails, take over employee accounts, and gain access to shipment scheduling systems. The main targets are companies in North America, but attacks have also been observed in Brazil, Mexico, India, Germany, Chile, and South Africa.
The attackers use social engineering by impersonating legitimate freight brokers or logistics companies, sending emails offering urgent shipment opportunities. The email contains a link directing victims to a fake website that prompts them to download an .EXE or .MSI file, which silently installs the RMM tool. Once the attackers gain remote access to a workstation, they can modify booking data, disable notifications, add their own phone numbers or devices to the employee’s telephony system, and schedule shipments on behalf of the victim company—allowing them to steal cargo such as food, beverages, and electronics, then resell or export the goods.
Researchers believe the attacks are tied to organized crime networks, with coordinated efforts to identify high-value routes and cargo, then systematically steal shipments. Alongside RMM tools, infostealer malware such as NetSupport, DanaBot, Lumma Stealer, and StealC has been observed in related campaigns.
Experts recommend that transportation and logistics companies:
- Restrict installation of unauthorized RMM tools
- Block .EXE and .MSI attachments in email systems
- Continuously monitor network connections and remote-access sessions
These measures can help prevent unauthorized system takeover and cargo theft.
