{"id":104593,"date":"2026-02-27T12:25:31","date_gmt":"2026-02-27T15:25:31","guid":{"rendered":"https:\/\/shipping.einnews.com\/article\/896153854"},"modified":"2026-02-27T12:25:31","modified_gmt":"2026-02-27T15:25:31","slug":"russian-cybercrime-ring-targeted-freight-firms-in-us-europe-report-says","status":"publish","type":"post","link":"https:\/\/new7.shop\/zerocostfreehost\/index.php\/2026\/02\/27\/russian-cybercrime-ring-targeted-freight-firms-in-us-europe-report-says\/","title":{"rendered":"Russian cybercrime ring targeted freight firms in US, Europe, report says"},"content":{"rendered":"
<\/div>\n

A Russian-linked phishing-as-a-service group ran a months-long phishing campaign targeting freight and logistics companies across the U.S. and Europe, stealing more than 1,600 login credentials.<\/p>\n

The group dubbed \u201cDiesel Vortex\u201d \u2014 operated from at least September 2025 through February, focusing on platforms widely used by brokers, carriers and supply chain operators, according to a joint investigation<\/a> released on Tuesday by cybersecurity researchers Have I Been Squatted<\/a> and Ctrl-Alt-Intel.<\/p>\n

The investigation found 1,649 unique credentials were compromised, drawn from 3,474 stolen login pairs. Impacted parties included users of DAT Truckstop, Penske Logistics, Electronic Funds Source (EFS), Timocom and other freight-focused systems, according to the report.<\/p>\n

Researchers described Diesel Vortex as a structured phishing-as-a-service operation, not a lone hacker. The group built dedicated phishing infrastructure for logistics load boards, fleet portals and fuel card systems, using targeted email and voice phishing to capture credentials and multi-factor authentication codes in real time.<\/p>\n

\n

window.googletag = window.googletag || {cmd: []}; googletag.cmd.push(function() { googletag.defineSlot(‘\/21776187881\/FW-Responsive-Main_Content-Slot1’, [[300, 100], [320, 50], [728, 90], [468, 60]], ‘div-gpt-ad-1709668545404-0’).defineSizeMapping(gptSizeMaps.banner1).addService(googletag.pubads()); googletag.pubads().enableSingleRequest(); googletag.pubads().collapseEmptyDivs(); googletag.enableServices(); });\n<\/p>\n<\/p><\/div>\n

\n

A key breakthrough in the investigation came after analysts discovered an exposed .git directory on a phishing domain, enabling them to reconstruct the group\u2019s codebase and review a 36.6MB SQL database dump dated Feb. 4, Have I Been Squatted and Ctrl-Alt-Intel said in the report.<\/p>\n

That database showed 52 phishing domains deployed, more than 75,000 targeted contact emails and 35 confirmed EFS check fraud attempts.<\/p>\n

Diesel Vortex also used a dual-domain architecture designed to evade detection, with one \u201cadvertise\u201d domain visible to victims and a hidden \u201csystem\u201d domain loading phishing content inside an iframe, an element that loads another HTML element inside of a web page, such as external ads, videos or tags.<\/p>\n

Operators controlled victim sessions through a Telegram-based console, steering targets through credential capture flows and secondary email phishing modules in real time. <\/p>\n

According to the report, the platform was internally branded \u201cGlobalProfit\u201d and appeared to be under active development as a broader phishing-as-a-service product, potentially marketed to other operators. <\/p>\n

Have I Been Squatted and Ctrl-Alt-Intel said they coordinated with multiple industry partners during the investigation and worked to notify affected parties.<\/p>\n

\n

window.googletag = window.googletag || {cmd: []}; googletag.cmd.push(function() { googletag.defineSlot(‘\/21776187881\/fw-responsive-main_content-slot3’, [[728, 90], [468, 60], [320, 50], [300, 100]], ‘div-gpt-ad-1665767553440-0’).defineSizeMapping(gptSizeMaps.banner1).addService(googletag.pubads()); googletag.pubads().enableSingleRequest(); googletag.pubads().collapseEmptyDivs(); googletag.enableServices(); });\n<\/p>\n<\/p><\/div>\n<\/div>\n

<\/a><\/strong> <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

… months-long phishing campaign targeting freight<\/span> and logistics companies across the … Source (EFS), Timocom and other freight<\/span>-focused systems, according to the …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[],"class_list":["post-104593","post","type-post","status-publish","format-standard","hentry","category-news","wpcat-1-id"],"_links":{"self":[{"href":"https:\/\/new7.shop\/zerocostfreehost\/index.php\/wp-json\/wp\/v2\/posts\/104593","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/new7.shop\/zerocostfreehost\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/new7.shop\/zerocostfreehost\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/new7.shop\/zerocostfreehost\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/new7.shop\/zerocostfreehost\/index.php\/wp-json\/wp\/v2\/comments?post=104593"}],"version-history":[{"count":0,"href":"https:\/\/new7.shop\/zerocostfreehost\/index.php\/wp-json\/wp\/v2\/posts\/104593\/revisions"}],"wp:attachment":[{"href":"https:\/\/new7.shop\/zerocostfreehost\/index.php\/wp-json\/wp\/v2\/media?parent=104593"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/new7.shop\/zerocostfreehost\/index.php\/wp-json\/wp\/v2\/categories?post=104593"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/new7.shop\/zerocostfreehost\/index.php\/wp-json\/wp\/v2\/tags?post=104593"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}