Cyber: Phishing Campaign Targets Freight And Logistics Orgs In The US, Europe
A financially motivated threat group dubbed “Diesel Vortex” is stealing credentials from freight and logistics operators in the U.S. and Europe in phishing attacks using 52 domains.
In a campaign that has been running since September 2025, the threat actor has stolen 1,649 unique credentials from platforms and service providers critical in the freight industry.
Some of the Diesel Vortex victims include DAT Truckstop, TIMOCOM, Teleroute, Penske Logistics, Girteka, and Electronic Funds Source (EFS).
Researchers at the typosquatting monitoring platform Have I Been Squatted uncovered the campaign after finding an exposed repository containing an SQL database from a phishing project that the threat actor called Global Profit and marketed to other cybercriminals under the name MC Profit Always.
The repository also included a file with Telegram webhook logs that revealed communications between the phishing service operators. Based on the language used, the researchers believe that Diesel Vortex is an Armenian-speaking actor connected to Russian infrastructure.
Have I Been Squatted's analysis efforts were joined by tokenization infrastructure provider Ctrl-Alt-Intel, which connected the dots between operators, infrastructure, and connections to various companies using open-source intelligence.
In a lengthy technical report, the typosquatting protection provider states that it uncovered nearly 3,500 stolen credential pairs, with 1,649 of them being unique.
The researchers say that they also found a link to a mind map created by a member of the group, which describes a "highly organised operation" complete with a call-centre, mail support, programmer roles, and staff responsible for finding drivers, carriers, and logistics contacts.
Furthermore, the map provided details about acquisition channels that included the DAT One marketplace, email campaigns, rate confirmation fraud, and revenue for various operational tiers.
“The [Diesel Vortex] group built dedicated phishing infrastructure for platforms used daily by freight brokers, trucking companies, and supply chain operators. Load boards, fleet management portals, fuel card systems, and freight exchanges were all in scope,” Have I Been Squatted researchers say.
Source: BleepingComputer