FBI Warns of Surge in Hacker-Enabled Cargo Theft

A new alert issued by the FBI warns of a surge in cyber-enabled cargo theft, with hackers targeting both brokers and carriers in sophisticated attacks. The FBI’s warning is not surprising. In late 2025, cybersecurity firm Proofpoint reported observing such attacks. At around the same time, the National Motor Freight Traffic Association (NMFTA) warned the logistics and transportation industry that traditional cargo theft is being rapidly replaced by cyber-enabled heists.  Cargo theft caused more than $700 million in losses in 2025 — a 60% increase over 2024 — driven by criminal gangs targeting high-value goods. According to the FBI, cargo theft enabled by hackers has been observed since at least 2024. Threat actors are using fake emails, phishing sites, malware, and remote management software to achieve their goals. The agency has described a typical attack scenario. It begins with an email sent to a shipping broker. These emails often look like routine business requests or complaints, but they contain links pointing to malicious websites set up to serve malware and remote access tools that give the attackers complete control over the targeted company’s internal systems. The attackers also abuse trucking load boards, where companies post available freight and carriers look for jobs. Compromised broker accounts are used to post fake listings to lure legitimate carriers, tricking them into downloading malware that gives the attackers access to their systems. The hackers then use the stolen carrier identities to bid on real, high-value shipments. To look more legitimate, they even hack into federal databases to update insurance information and contact details. Once the thieves win a contract, they perform an illegal double-brokering maneuver, hiring a different, potentially unsuspecting driver to pick up the goods. The obtained loads are cross-docked or transloaded (ie, quickly picked up from the warehouse where they were dropped off or directly transferred to a complicit carrier) to be sold on the black market.  In some cases, the thieves even hold the cargo for ransom, demanding payment from the original broker just to reveal where the stolen goods are hidden. The FBI has shared indicators that companies can use to determine whether they are being targeted in such schemes. Indicators include contact about unauthorized shipments, suspicious email addresses, requests to download documents or forms via shortened or spoofed links, and unauthorized forwarding or autodeletion rules in email accounts. Related: FBI Warns of Data Security Risks From China-Made Mobile Apps Related: FBI: $20 Million Losses Caused by 700 ATM Jackpotting Attacks in 2025 Related: FBI: North Korean Spear-Phishing Attacks Use Malicious QR Codes WRITTEN BY Eduard Kovacs Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering. More from Eduard Kovacs Critical Gemini CLI Flaw Enabled Host Code Execution, Supply Chain Attacks EnOcean SmartServer Flaws Expose Buildings to Remote Hacking Sandhills Medical Says Ransomware Breach Affects 170,000 Hundreds of Internet-Facing VNC Servers Expose ICS/OT 38 Vulnerabilities Found in OpenEMR Medical Software Critical GitHub Vulnerability Exposed Millions of Repositories Vimeo Confirms User and Customer Data Breach Robinhood Vulnerability Exploited for Phishing Attacks Latest News New Bluekit Phishing Kit Features AI Assistant In Other News: Scattered Spider Hacker Arrested, SOC Effectiveness Metrics, NSA Tool Vulnerability  Google Adjusts Bug Bounties: Chrome Payouts Drop as Android Rewards Rise Amid AI Surge Two US Security Experts Sentenced to Prison for Helping Ransomware Gang Sophisticated Deep#Door Backdoor Enables Espionage, Disruption Cisco Releases Open Source Tool for AI Model Provenance  Hugging Face, ClawHub Abused for Malware Distribution 1,800 Hit in Mini Shai-Hulud Attack on SAP, Lightning, Intercom Trending Webinar: A Step-By-Step Approach To AI Governance April 28, 2026 With "Shadow AI" usage becoming prevalent in organizations, learn how to balance the need for rapid experimentation with the rigorous controls required for enterprise-grade deployment. Register Virtual Event: Threat Detection And Incident Response Summit May 20, 2026 Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization. Register People on the Move Chris Sistrunk has been promoted to Practice Leader for Mandiant's OT Security Consulting. Nudge Security has appointed Patrick Dillon as its Chief Revenue Officer. AutoNation has appointed Brian Fricke as Chief Information Security Officer. More People On The Move Expert Insights The Mythos Moment: Enterprises Must Fight Agents With Agents Only with the right platform and an agentic, AI-driven defense, will enterprises be able to protect themselves in the agentic era. (Etay Maor) Why Cybersecurity Must Rethink Defense In The Age Of Autonomous Agents From autonomous code generation to decision-making systems that initiate actions without human intervention, the industry is entering a new phase. (Torsten George) Government Can’t Win The Cyber War Without The Private Sector Securing national resilience now depends on faster, deeper partnerships with the private sector. (Steve Durbin) The Hidden ROI Of Visibility: Better Decisions, Better Behavior, Better Security Beyond monitoring and compliance, visibility acts as a powerful deterrent, shaping user behavior, improving collaboration, and enabling more accurate, data-driven security decisions. (Joshua Goldfarb) The New Rules Of Engagement: Matching Agentic Attack Speed The cybersecurity response to AI-enabled nation-state threats cannot be incremental. It must be architectural. (Nadir Izrael) Flipboard Reddit Whatsapp Email