{"id":101212,"date":"2026-02-24T19:13:43","date_gmt":"2026-02-24T22:13:43","guid":{"rendered":"https:\/\/shipping.einnews.com\/article\/895214769"},"modified":"2026-02-24T19:13:43","modified_gmt":"2026-02-24T22:13:43","slug":"phishing-operation-with-links-to-russia-armenia-compromised-western-cargo-companies-researchers-find","status":"publish","type":"post","link":"https:\/\/new7.shop\/zerocostfreehost\/index.php\/2026\/02\/24\/phishing-operation-with-links-to-russia-armenia-compromised-western-cargo-companies-researchers-find\/","title":{"rendered":"Phishing operation with links to Russia, Armenia compromised Western cargo companies, researchers find"},"content":{"rendered":"<div id>\n<p class=\"paragraph\"> Researchers have uncovered and taken down the infrastructure of a phishing operation run by Russian cybercriminals targeting freight companies in the U.S. 
and Europe.&nbsp; <\/p>\n<p class=\"paragraph\"> Over a five-month period, the group, dubbed Diesel Vortex, stole more than 1,600 login credentials from accounts at logistics platforms, which allowed thieves to intercept and divert freight shipments and commit check fraud.&nbsp; <\/p>\n<p class=\"paragraph\"> The researchers with the domain protection platform Have I Been Squatted <a href=\"https:\/\/haveibeensquatted.com\/blog\/diesel-vortex-inside-the-russian-cybercrime-group-targeting-us-eu-freight\" target=\"_blank\" rel=\"noopener noreferrer\">discovered<\/a> an exposed .git directory, which revealed the ins and outs of the operation, including messages sent between the cybercriminals.&nbsp; <\/p>\n<p class=\"paragraph\"> The leaked repository exposed a phishing-as-a-service platform that was in the works to be marketed to customers as \u201cMC Profit Always,\u201d a likely reference to \u201cmotor carriers.\u201d&nbsp; <\/p>\n<p class=\"paragraph\"> The Diesel Vortex cybercriminals built phishing infrastructure targeting users of the platforms that power the freight and logistics industries, like load boards \u2014 marketplaces where shippers, brokers and carriers connect \u2014 fleet management portals and fuel card systems.&nbsp; <\/p>\n<p class=\"paragraph\"> They impersonated carriers and brokers and were able to access freight systems. Messages seem to show them engaged in \u201cdouble-brokering,\u201d when loads are booked with a stolen carrier identity before the freight is reassigned to a different carrier.&nbsp; <\/p>\n<p class=\"paragraph\"> The researchers were able to find the outfit\u2019s organizational map, revealing a sophisticated operation including a call center, mail support and employees responsible for connecting with drivers and other logistics contacts. <\/p>\n<p class=\"paragraph\"> \u201cThis blueprint only reinforced what the codebase had already made clear: this was not an opportunistic campaign. 
It was a deliberate, structured criminal enterprise with defined roles, revenue targets, and a long-term growth strategy,\u201d Have I Been Squatted researchers wrote.&nbsp; <\/p>\n<p class=\"paragraph\"> The company worked in collaboration with the cyber threat research outfit <a href=\"https:\/\/haveibeensquatted.com\/blog\/diesel-vortex-inside-the-russian-cybercrime-group-targeting-us-eu-freight\" target=\"_blank\" rel=\"noopener noreferrer\">Ctrl-Alt-Int3l<\/a>, which discovered in the phishing panel source code mention of a domain registered through a Russian provider and linked to a Russian-registered email address. <\/p>\n<p class=\"paragraph\"> That email was then linked through corporate records to several Russian companies working in warehousing, transportation and wholesale trade. Recorded Future News reached out to the email address for comment and as of press time had not received a reply.&nbsp;&nbsp; <\/p>\n<p class=\"paragraph\"> Along with clear links to Russia, Armenian-speaking operators were also involved in the operation, with one of the criminals telling another he was located in Yerevan. In one chat, a member of the group asks in Armenian if they have the credentials of a carrier with \u201c250k cargo\u201d \u2014 in other words, one insured to carry high-value freight.&nbsp; <\/p>\n<p class=\"paragraph\"> According to the researchers, Google Threat Intelligence Group, Cloudflare, GitLab, IPInfo and Ping Identity were involved in taking down the infrastructure.&nbsp; <\/p>\n<p class=\"paragraph\"> Cargo theft has exploded in recent years, driven by the increasingly digital nature of the business, with annual losses estimated to be around $35 billion. 
In November, researchers at Proofpoint documented <a href=\"https:\/\/therecord.media\/cargo-theft-hackers-remote-monitoring-tools\" target=\"_blank\" rel=\"noopener noreferrer\">a hacking campaign<\/a> with links to organized crime targeting trucking and logistics companies with remote monitoring tools.&nbsp;&nbsp; <\/p>\n<p class=\"paragraph\"> Last month, the House Judiciary Committee advanced the \u201c<a href=\"https:\/\/www.cbo.gov\/publication\/62176\" target=\"_blank\" rel=\"noopener noreferrer\">Combatting Organized Retail Crime Act of 2025<\/a>,\u201d a bill to establish a coordinated federal response to cargo theft. It would also create new criminal penalties for the laundering of illicit proceeds or the sale of stolen goods. <\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>&#8230; to intercept and divert <span class=\"match\">freight<\/span> shipments and commit check &#8230; the platforms that power the <span class=\"match\">freight<\/span> and logistics industries, like &#8230; carrier identity before the <span class=\"match\">freight<\/span> is reassigned to a &#8230; 250k <span class=\"match\">cargo<\/span>\u201d \u2014 in other words, one insured to carry high-value <span class=\"match\">freight<\/span> 
&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[],"class_list":["post-101212","post","type-post","status-publish","format-standard","hentry","category-news","wpcat-1-id"],"_links":{"self":[{"href":"https:\/\/new7.shop\/zerocostfreehost\/index.php\/wp-json\/wp\/v2\/posts\/101212","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/new7.shop\/zerocostfreehost\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/new7.shop\/zerocostfreehost\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/new7.shop\/zerocostfreehost\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/new7.shop\/zerocostfreehost\/index.php\/wp-json\/wp\/v2\/comments?post=101212"}],"version-history":[{"count":0,"href":"https:\/\/new7.shop\/zerocostfreehost\/index.php\/wp-json\/wp\/v2\/posts\/101212\/revisions"}],"wp:attachment":[{"href":"https:\/\/new7.shop\/zerocostfreehost\/index.php\/wp-json\/wp\/v2\/media?parent=101212"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/new7.shop\/zerocostfreehost\/index.php\/wp-json\/wp\/v2\/categories?post=101212"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/new7.shop\/zerocostfreehost\/index.php\/wp-json\/wp\/v2\/tags?post=101212"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}