Remote Access, Real Cargo: Cybercriminals Targeting Trucking and Logistics

    Date: 11/04/2025

    Severity: High

    Summary

    Cybercriminals are targeting trucking and freight companies through complex attack chains to steal cargo shipments. Cargo theft has become a multi-million-dollar industry, with digital transformation fueling a surge in cyber-enabled theft. Attackers infiltrate logistics firms and exploit their access to bid on shipments, which they then steal and resell. These threat actors often deploy remote monitoring and management (RMM) tools as initial payloads, reflecting a growing trend across the cybercrime ecosystem. Munich RE reports global cargo theft hotspots in Brazil, Mexico, India, the U.S., Germany, Chile, and South Africa, with food and beverage goods being the most frequently targeted.

    Indicators of Compromise (IOC) List 

    Domains\URLs : 

    IP Address : 

    185.80.234.36

    147.45.218.66

    Hash : 

    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Detection Query  1:

    domainname like "ilove-pdf.net" or url like "ilove-pdf.net" or siteurl like "ilove-pdf.net" or domainname like "nextgen1.net" or url like "nextgen1.net" or siteurl like "nextgen1.net" or domainname like "confirmation-rate.com" or url like "confirmation-rate.com" or siteurl like "confirmation-rate.com" or domainname like "rateconfirm.net" or url like "rateconfirm.net" or siteurl like "rateconfirm.net" or domainname like "carrier-packets.com" or url like "carrier-packets.com" or siteurl like "carrier-packets.com" or domainname like "carrier-packets.net" or url like "carrier-packets.net" or siteurl like "carrier-packets.net" or domainname like "brokercarriersetup.com" or url like "brokercarriersetup.com" or siteurl like "brokercarriersetup.com" or domainname like "dwssa.top" or url like "dwssa.top" or siteurl like "dwssa.top" or domainname like "wjwrateconfirmation.com" or url like "wjwrateconfirmation.com" or siteurl like "wjwrateconfirmation.com" or domainname like "centraldispach.net" or url like "centraldispach.net" or siteurl like "centraldispach.net" or domainname like "ggdt35.anondns.net" or url like "ggdt35.anondns.net" or siteurl like "ggdt35.anondns.net" or domainname like "qtq2haw.anondns.net" or url like "qtq2haw.anondns.net" or siteurl like "qtq2haw.anondns.net" or domainname like "brokerpackets.com" or url like "brokerpackets.com" or siteurl like "brokerpackets.com" or domainname like "fleetcarrier.net" or url like "fleetcarrier.net" or siteurl like "fleetcarrier.net" or domainname like "billpay-info.com" or url like "billpay-info.com" or siteurl like "billpay-info.com" or domainname like "carriersetup.net" or url like "carriersetup.net" or siteurl like "carriersetup.net" or domainname like "i-lovepdf.net" or url like "i-lovepdf.net" or siteurl like "i-lovepdf.net" or domainname like "ratecnf.net" or url like "ratecnf.net" or siteurl like "ratecnf.net" or domainname like "claimeprogressive.com" or url like "claimeprogressive.com" or siteurl like 
"claimeprogressive.com" or domainname like "vehicle-release.com" or url like "vehicle-release.com" or siteurl like "vehicle-release.com" or domainname like "carrierpack.net" or url like "carrierpack.net" or siteurl like "carrierpack.net" or domainname like "car-hauling.com" or url like "car-hauling.com" or siteurl like "car-hauling.com" or domainname like "scarrierpack.com" or url like "scarrierpack.com" or siteurl like "scarrierpack.com" or domainname like "carrieragreements.com" or url like "carrieragreements.com" or siteurl like "carrieragreements.com" or domainname like "brokeragepacket.com" or url like "brokeragepacket.com" or siteurl like "brokeragepacket.com" or domainname like "carrierpacket.online" or url like "carrierpacket.online" or siteurl like "carrierpacket.online" or domainname like "nextgen223.com" or url like "nextgen223.com" or siteurl like "nextgen223.com" or domainname like "fleetgo0.com" or url like "fleetgo0.com" or siteurl like "fleetgo0.com" or domainname like "nextgen01.net" or url like "nextgen01.net" or siteurl like "nextgen01.net" or domainname like "ratecnf.com" or url like "ratecnf.com" or siteurl like "ratecnf.com" or domainname like "officews101.com" or url like "officews101.com" or siteurl like "officews101.com" or domainname like "instance-hirb01-relay.screenconnect.com" or url like "instance-hirb01-relay.screenconnect.com" or siteurl like "instance-hirb01-relay.screenconnect.com"

    Detection Query  2:

    dstipaddress IN ("147.45.218.66","185.80.234.36") or srcipaddress IN ("147.45.218.66","185.80.234.36")

    Detection Query  3:

    sha256hash IN ("8a00b3b3fd3a8f6b3ec213ae2ae4efd41dd5738b992560010ab0367fee72cd2a","913375a20d7250f36af1c8e1322d1541c9582aa81b9e23ecad700fb280ef0d8c","559618e2ffbd3b8b849a6ad0d73a5630f87033976c7adccbd80c41c0b2312765","70983c62244c235d766cc9ac1641e3fb631744bc68307734631af8d766f25acf","4e6f65d47a4d7a7a03125322e3cddeeb3165dd872daf55cd078ee2204336789c","cf0cee4a57aaf725341d760883d5dfb71bb83d1b3a283b54161403099b8676ec")

    Reference:

    https://www.proofpoint.com/us/blog/threat-insight/remote-access-real-cargo-cybercriminals-targeting-trucking-and-logistics


    Tags

    Threat Actor, Cargo, Trucking, Freight, Remote monitoring and management (RMM), Brazil, Mexico, India, United States, Germany, Chile, South Africa, Transportation Systems, Food and Agriculture
