Hackers Use Rmm Tools To Breach Freighters And Steal Cargo Shipments

Threat actors are targeting freight brokers and trucking carriers with malicious links and emails to deploy remote monitoring and management tools (RMMs) that enable them to hijack cargo and steal physical goods.

Researchers tracked the activity to June, but they found evidence of these types of campaigns delivering NetSupport and ScreenConnect since January.

According to email security firm Proofpoint, these attacks is becoming more popular, with nearly two dozen campaigns recorded since August, each of them sending up to a thousand messages.

The targets are primarily North American entities; however, Proofpoint has also observed similar activity in Brazil, Mexico, India, Germany, Chile, and South Africa.

Cargo theft involves stealing commercial shipments by hijacking trucks or trailers in transit, by re-routing them, or by impersonating legitimate carriers. The goods are then redirected to fraudulent pickup points.

The National Insurance Crime Bureau (NICB) estimates cargo theft losses in the U.S. to $35 billion annually.

Today, cybercriminals focus on exploiting gaps in the digital segment of the supply chain that helps companies move goods more efficiently.

The attacker’ primary goal is to install RMMs like ScreenConnect, SimpleHelp, PDQ Connect, Fleetdeck, N-able, and LogMeIn Resolve on the target companies’ systems, which give them full remote control, reconnaissance, and credential harvesting capabilities.

To achieve this goal, they use compromised accounts for load boards to post fraudulent freight listings, or breach broker and dispatcher email accounts, and then hijack email threads to lead victims to a malicious URL.

According to the researchers, the threat actor achieves their goal by sending emails directly to asset-based carriers, freight brokerage firms, and integrated supply-chain providers, but this occurred mostly for larger entities.

Source: BleepingComputer