FBI Warns of Surge in Hacker-Enabled Cargo Theft

Summary

The FBI has issued an alert about a significant rise in cyber-enabled cargo theft, where criminal enterprises use phishing, malware, and remote access tools to compromise shipping brokers and carriers. Attackers exploit compromised accounts on trucking load boards, impersonate legitimate carriers, and perform double-brokering schemes to steal high-value shipments for resale or ransom, with cargo theft losses reaching over $700 million in 2025—a 60% increase from 2024.

Full text

A new alert issued by the FBI warns of a surge in cyber-enabled cargo theft, with hackers targeting both brokers and carriers in sophisticated attacks. The FBI’s warning is not surprising. In late 2025, cybersecurity firm Proofpoint reported observing such attacks. At around the same time, the National Motor Freight Traffic Association (NMFTA) warned the logistics and transportation industry that traditional cargo theft is being rapidly replaced by cyber-enabled heists. Cargo theft caused more than $700 million in losses in 2025 — a 60% increase over 2024 — driven by criminal gangs targeting high-value goods. According to the FBI, cargo theft enabled by hackers has been observed since at least 2024. Threat actors are using fake emails, phishing sites, malware, and remote management software to achieve their goals. The agency has described a typical attack scenario. It begins with an email sent to a shipping broker. These emails often look like routine business requests or complaints, but they contain links pointing to malicious websites set up to serve malware and remote access tools that give the attackers complete control over the targeted company’s internal systems. The attackers also abuse trucking load boards, where companies post available freight and carriers look for jobs. Compromised broker accounts are used to post fake listings to lure legitimate carriers, tricking them into downloading malware that gives the attackers access to their systems.Advertisement. Scroll to continue reading. The hackers then use the stolen carrier identities to bid on real, high-value shipments. To look more legitimate, they even hack into federal databases to update insurance information and contact details. Once the thieves win a contract, they perform an illegal double-brokering maneuver, hiring a different, potentially unsuspecting driver to pick up the goods. The obtained loads are cross-docked or transloaded (ie, quickly picked up from the warehouse where they were dropped off or directly transferred to a complicit carrier) to be sold on the black market. In some cases, the thieves even hold the cargo for ransom, demanding payment from the original broker just to reveal where the stolen goods are hidden. The FBI has shared indicators that companies can use to determine whether they are being targeted in such schemes. Indicators include contact about unauthorized shipments, suspicious email addresses, requests to download documents or forms via shortened or spoofed links, and unauthorized forwarding or autodeletion rules in email accounts. Related: FBI Warns of Data Security Risks From China-Made Mobile Apps Related: FBI: $20 Million Losses Caused by 700 ATM Jackpotting Attacks in 2025 Related: FBI: North Korean Spear-Phishing Attacks Use Malicious QR Codes Written By Eduard Kovacs Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering. More from Eduard Kovacs Sandhills Medical Says Ransomware Breach Affects 170,000Hundreds of Internet-Facing VNC Servers Expose ICS/OT38 Vulnerabilities Found in OpenEMR Medical SoftwareCritical GitHub Vulnerability Exposed Millions of RepositoriesVimeo Confirms User and Customer Data BreachRobinhood Vulnerability Exploited for Phishing AttacksElectric Motorcycles and Scooters Face Hacking Risks to Security and Rider SafetyMedtronic Hack Confirmed After ShinyHunters Threatens Data Leak Latest News Hugging Face, ClawHub Abused for Malware Distribution1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, IntercomAnthropic Unveils Claude Security to Counter AI-Powered Exploit SurgeAI Fuels ‘Industrial’ Cybercrime as Time-to-Exploit Shrinks to HoursSonicWall Urges Immediate Patching of Firewall VulnerabilitiesSAP NPM Packages Targeted in Supply Chain AttackCritical Gemini CLI Flaw Enabled Host Code Execution, Supply Chain AttacksEnOcean SmartServer Flaws Expose Buildings to Remote Hacking Trending Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: A Step-by-Step Approach to AI Governance April 28, 2026 With "Shadow AI" usage becoming prevalent in organizations, learn how to balance the need for rapid experimentation with the rigorous controls required for enterprise-grade deployment. Register Virtual Event: Threat Detection and Incident Response Summit May 20, 2026 Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization. Register People on the MoveAutoNation has appointed Brian Fricke as Chief Information Security Officer.Varun Kohli has joined GetReal Security as Chief Marketing Officer.MongoDB has appointed Doug Bowers as Chief Information Security Officer.More People On The MoveExpert Insights The Mythos Moment: Enterprises Must Fight Agents with Agents Only with the right platform and an agentic, AI-driven defense, will enterprises be able to protect themselves in the agentic era. (Etay Maor) Why Cybersecurity Must Rethink Defense in the Age of Autonomous Agents From autonomous code generation to decision-making systems that initiate actions without human intervention, the industry is entering a new phase. (Torsten George) Government Can’t Win the Cyber War Without the Private Sector Securing national resilience now depends on faster, deeper partnerships with the private sector. (Steve Durbin) The Hidden ROI of Visibility: Better Decisions, Better Behavior, Better Security Beyond monitoring and compliance, visibility acts as a powerful deterrent, shaping user behavior, improving collaboration, and enabling more accurate, data-driven security decisions. (Joshua Goldfarb) The New Rules of Engagement: Matching Agentic Attack Speed The cybersecurity response to AI-enabled nation-state threats cannot be incremental. It must be architectural. (Nadir Izrael) Flipboard Reddit Whatsapp Whatsapp Email

Indicators of Compromise

• malware — Remote access tools / RATs
• malware — Malware delivered via phishing sites

Entities