Cybercriminals are increasingly targeting trucking and logistics companies with remote monitoring and management (RMM) software to infiltrate systems, gain control, and ultimately steal physical freight, according to Proofpoint. The threat group, active since mid-2025, appears to be working with organized crime networks to bid on and divert legitimate shipments—most often food and beverage cargo that is later sold online or shipped overseas.

In this latest campaign, attackers use compromised email accounts to hijack freight negotiations and post fraudulent listings on load boards. Unsuspecting carriers who inquire about these loads receive emails containing malicious links that deploy legitimate RMM tools such as ScreenConnect, SimpleHelp, or LogMeIn Resolve. Once installed, the attackers conduct network reconnaissance, harvest credentials, and in some cases, manipulate dispatch systems to reroute shipments under compromised carrier identities.

Proofpoint warns that the use of legitimate RMM software makes detection challenging, as these tools are common in enterprise environments and often evade antivirus filters. By exploiting trust and urgency within freight transactions, attackers can operate under the guise of normal business activity. The trend underscores the growing convergence of cyber intrusions and real-world theft, where digital access is weaponized for direct financial and physical gain.