Logistics/Procurement
Breach intelligence, attack campaigns, and threat reports targeting the Logistics/Procurement sector.
Logistics/Procurement Threat Reports
Phantom Stealer: The Rise of Fileless Malware Targeting Financial Institutions
In June 2026, a phishing campaign targeted banks and other high-value organizations with Phantom Stealer, a fileless infostealer built to evade file-based endpoint defenses. The lure emails carried what looked like legitimate business documents; opening one launched a heavily obfuscated batch file that started a multistage infection chain and injected Phantom Stealer into the Windows Explorer process (explorer.exe). Running entirely in memory, the stealer exfiltrated browser credentials, session cookies, and financial data over several channels, including Telegram, Discord, FTP, and SMTP. Because nothing malicious persists on disk, file-signature scanning is largely blind to it; what can be detected is the chain itself: an Office or mail client spawning cmd.exe to run a batch file, that process injecting into explorer.exe, and explorer.exe then opening connections to chat-platform APIs or to FTP and SMTP ports it has no business using. Organizations should pair behaviour-based detection of that chain with user training on recognising document-themed phishing.
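The detection logic described above, as an added example that is not code from the original page or from any vendor: it correlates three Sysmon-style events per host (process creation, CreateRemoteThread, network connection) and grades how far the chain got. Field names are simplified stand-ins for Sysmon's (ProcessId/ParentImage/CommandLine for event 1, SourceProcessId/TargetImage for event 8, DestinationHostname/DestinationPort for event 3), and every sample event, host name, PID and path below is constructed.

```python
"""Behaviour-based detection of an Office -> batch file -> explorer.exe injection
-> chat/FTP/SMTP exfiltration chain over Sysmon-style telemetry.

Added example; field names are simplified and all sample data is constructed.
"""
from collections import defaultdict

OFFICE_AND_MAIL = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"cmd.exe", "wscript.exe", "cscript.exe", "powershell.exe"}
CHAT_EXFIL_HOSTS = {"api.telegram.org", "discord.com", "discordapp.com"}
MAIL_FTP_PORTS = {21, 25, 465, 587}          # FTP and SMTP/submission ports
SEVERITY = {1: "low", 2: "medium", 3: "high"}

# Constructed sample telemetry: one complete chain, one benign host, one partial chain.
SAMPLE_EVENTS = [
    # wks01 stage 1: WINWORD spawns cmd.exe running a .bat (Sysmon event 1)
    {"host": "wks01", "id": 1, "pid": 4100, "ppid": 3020,
     "image": r"C:\Windows\System32\cmd.exe",
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "cmdline": r'cmd.exe /c "%TEMP%\invoice_2026.bat"'},
    # wks01 stage 2: that cmd.exe creates a thread in explorer.exe (Sysmon event 8)
    {"host": "wks01", "id": 8, "source_pid": 4100,
     "source_image": r"C:\Windows\System32\cmd.exe",
     "target_pid": 1580, "target_image": r"C:\Windows\explorer.exe"},
    # wks01 stage 3: the injected explorer.exe talks to the Telegram API (Sysmon event 3)
    {"host": "wks01", "id": 3, "pid": 1580, "image": r"C:\Windows\explorer.exe",
     "dest_host": "api.telegram.org", "dest_port": 443},
    # wks02 benign: explorer.exe fetching from a CDN, no stager, no injection
    {"host": "wks02", "id": 3, "pid": 2200, "image": r"C:\Windows\explorer.exe",
     "dest_host": "cdn.example.com", "dest_port": 443},
    # wks03: stages 1 and 2 only, no exfil seen yet -> still worth a medium alert
    {"host": "wks03", "id": 1, "pid": 7000, "ppid": 6900,
     "image": r"C:\Windows\System32\cmd.exe",
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "cmdline": r"cmd.exe /c C:\Users\u\AppData\Local\Temp\po.bat"},
    {"host": "wks03", "id": 8, "source_pid": 7000,
     "source_image": r"C:\Windows\System32\cmd.exe",
     "target_pid": 1400, "target_image": r"C:\Windows\explorer.exe"},
]


def basename(path):
    """Case-folded file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def detect_fileless_chain(events):
    """Return one alert per host where stage 1 is seen, graded by how far the
    chain progressed: 1 = stager only, 2 = injection, 3 = exfil channel opened."""
    by_host = defaultdict(list)
    for ev in events:
        by_host[ev["host"]].append(ev)

    alerts = []
    for host, evs in sorted(by_host.items()):
        # Stage 1: Office/mail client -> script host running a batch file.
        stagers = {ev["pid"] for ev in evs if ev["id"] == 1
                   and basename(ev["parent_image"]) in OFFICE_AND_MAIL
                   and basename(ev["image"]) in SCRIPT_HOSTS
                   and ".bat" in ev["cmdline"].lower()}
        if not stagers:
            continue
        # Stage 2: a stager creates a remote thread in explorer.exe.
        injected = {ev["target_pid"] for ev in evs if ev["id"] == 8
                    and ev["source_pid"] in stagers
                    and basename(ev["target_image"]) == "explorer.exe"}
        # Stage 3: the injected explorer.exe opens a chat-API, FTP or SMTP connection.
        exfil = [(ev["dest_host"], ev["dest_port"]) for ev in evs if ev["id"] == 3
                 and ev["pid"] in injected
                 and (ev["dest_host"].lower() in CHAT_EXFIL_HOSTS
                      or ev["dest_port"] in MAIL_FTP_PORTS)]
        stages = 1 + bool(injected) + bool(exfil)
        alerts.append({"host": host, "stages": stages, "severity": SEVERITY[stages],
                       "stager_pids": sorted(stagers),
                       "explorer_pids": sorted(injected), "exfil": exfil})
    return alerts


if __name__ == "__main__":
    for alert in detect_fileless_chain(SAMPLE_EVENTS):
        print(alert)
```

The grading matters in practice: a host that has reached injection but not yet opened an exfiltration channel (wks03 above) is the one you still have time to contain, so it should alert at medium rather than wait for the full chain.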
Critical Vulnerability in Universal Robots' PolyScope 5: CVE-2026-8153
In May 2026, a critical command injection vulnerability (CVE-2026-8153) was found in the Dashboard Server interface of Universal Robots' PolyScope 5 software. An unauthenticated attacker with network access to that interface could execute arbitrary commands on the robot controller's operating system, potentially leading to full system compromise. Universal Robots released version 5.25.1 to patch the flaw, and organizations running affected versions are strongly advised to update immediately. Where a controller cannot be patched right away, the compensating control is network isolation: the Dashboard Server is a plant-floor control interface and should be reachable only from the engineering or cell network, never from corporate IT or the internet. The incident illustrates the growing cybersecurity challenge in operational technology (OT) environments as industrial systems become more interconnected: exploitation of a flaw like this can cause operational disruption and physical safety hazards, which is why timely patching and strict network segmentation matter in critical infrastructure.
Cyber-Enabled Cargo Theft: A $725 Million Wake-Up Call for the Transportation Industry
In 2025, cybercriminals ran a series of attacks against the transportation and logistics sectors that produced roughly $725 million in cargo theft losses across North America. The actors used phishing emails, spoofed websites, and compromised carrier accounts to get inside freight brokers and carriers. Once inside, they posted fraudulent listings on load boards, deceiving legitimate carriers into hauling shipments to destinations the criminals controlled, so entire truckloads, including pharmaceuticals and consumer products, were rerouted and stolen without any physical hijacking. ([ic3.gov](https://www.ic3.gov/PSA/2026/PSA260430?utm_source=openai)) The surge in cyber-enabled cargo theft shows organized crime blending traditional theft with account takeover and impersonation, and it leaves the transportation industry needing to treat load-board and carrier accounts as high-value targets: strong authentication on those accounts and out-of-band verification of new carriers and changed delivery instructions are the controls that break this scheme.
Surge in Cyber-Enabled Cargo Theft: A 2025 Analysis
In 2025, cargo theft losses in the United States and Canada rose by 60%, to an estimated $725 million. The FBI attributes the increase to cybercriminals using phishing, impersonation, and system compromise to hijack goods in transit: by getting into supply chain systems, they rerouted shipments, causing significant financial and operational disruption for the businesses involved. ([ic3.gov](https://www.ic3.gov/PSA/2026/PSA260430?utm_source=openai)) The FBI's April 30, 2026, public service announcement describes how cyber techniques have been folded into traditional cargo theft and calls for stronger cybersecurity in the transportation and logistics sectors to counter them.
FBI Reports 60% Increase in Cyber-Enabled Cargo Thefts in 2025
In 2025, the FBI reported a 60% increase in cyber-enabled cargo thefts across the U.S. and Canada, totaling nearly $725 million in losses. Threat actors got into freight brokers and carriers through phishing emails and fake web links, then used the stolen access to post fraudulent listings on online load boards, impersonate legitimate companies, and divert high-value shipments for resale. The Diesel Vortex group, active since September 2025, targeted freight and logistics operators in the U.S. and Europe, compromising numerous platforms and stealing credentials. The pattern is a digital intrusion that ends in physical theft, and the transportation and logistics sectors need cybersecurity controls sized to that outcome rather than to data loss alone.
Understanding the TeamPCP Supply Chain Attack of March 2026
In March 2026, the threat actor group TeamPCP carried out a supply chain attack that compromised widely used developer tools, including Aqua Security's Trivy, Checkmarx's KICS, and the LiteLLM Python package. Using stolen credentials, the group injected credential-stealing malware into these tools; the malware exfiltrated API keys, cloud service credentials, and source code from numerous organizations. The attack unfolded over about five days, with each compromised tool used as the vector into the next, a cascade that shows how one stolen maintainer or CI secret propagates through the supply chain. The defensive lessons are the familiar ones, applied strictly: pin dependencies and CI actions to exact versions or immutable digests rather than mutable tags, keep publishing credentials short-lived and rotate them on any suspicion of compromise, scope CI secrets to the jobs that need them, and monitor CI/CD pipelines continuously for unexpected outbound connections or unplanned release activity.
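A concrete version of the pinning check, as an added example that is not code from the original page or from Aqua Security, Checkmarx or LiteLLM: it flags Python requirements that are not pinned to an exact version with a hash, and GitHub Actions `uses:` steps that reference a mutable tag or branch instead of a 40-character commit SHA. The sample requirements file and workflow are constructed, and the package and action names in them are illustrative, not real releases.

```python
"""Flag dependency references that can silently change underneath a CI pipeline.

Added example; both sample inputs are constructed and the names are fictional.
"""
import re

SAMPLE_REQUIREMENTS = """\
# pinned by version and hash: a swapped upload with the same version fails to install
examplepkg==1.2.3 --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
llmclient>=1.40          # floating lower bound: any newer upload is accepted
scanner-wrapper          # no version at all
"""
SAMPLE_WORKFLOW = """\
steps:
  - uses: example-org/checkout@v4
  - uses: example-org/scan-action@0.28.0
  - uses: example-org/setup-tool@a26af69be951a213d495a4c3e4e4022e16d87065
  - uses: example-org/iac-scan@master
"""

REQ_LINE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(.*)$")
USES_LINE = re.compile(r"uses:\s*([^@\s]+)@(\S+)")
COMMIT_SHA = re.compile(r"^[0-9a-f]{40}$")


def check_requirements(text):
    """Return (package, problem) pairs for requirement lines that can float."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and blank lines
        if not line or line.startswith("-"):         # skip -r / --index-url option lines
            continue
        name, rest = REQ_LINE.match(line).groups()
        if "==" not in rest:
            findings.append((name, "not pinned to an exact version"))
        elif "--hash=" not in rest:
            findings.append((name, "pinned by version but not by hash"))
    return findings


def check_actions(text):
    """Return (action, ref, problem) triples for `uses:` refs that are mutable."""
    findings = []
    for action, ref in USES_LINE.findall(text):
        if COMMIT_SHA.match(ref):
            continue                                  # immutable: a full commit SHA
        if ref in ("main", "master") or ref.startswith(("develop", "release/")):
            findings.append((action, ref, "branch ref: moves with every push"))
        else:
            findings.append((action, ref, "tag ref: can be re-pointed by anyone with push access"))
    return findings


if __name__ == "__main__":
    for finding in check_requirements(SAMPLE_REQUIREMENTS) + check_actions(SAMPLE_WORKFLOW):
        print(*finding)
```

A version pin alone is not enough against a compromised publisher, since the attacker can upload a new build under an existing version on registries that allow it or simply cut the next release; the hash (for packages) or commit SHA (for actions) is what makes the reference immutable, and it is the check worth failing the build on.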
Mazda's 2025 Data Breach: A Wake-Up Call for Supply Chain Security
In December 2025, Mazda Motor Corporation identified unauthorized access to a warehouse management system used for parts procured from Thailand. The breach exposed 692 records containing user IDs, full names, email addresses, company names, and business partner IDs; no customer data was involved. Mazda reported the incident to Japan's Personal Information Protection Commission and tightened controls on the system: reducing its internet exposure, applying security patches, increasing monitoring for suspicious activity, and introducing stricter access policies. The incident is a reminder that supplier-facing systems are attack surface in their own right, and that even a small leak of partner contact details is enough to fuel convincing phishing and scams against the people exposed, so supply chain portals need the same hardening and continuous monitoring as core systems.
Diesel Vortex Phishing Attack Targets Freight and Logistics Sector in 2025
In late 2025, a cybercriminal group tracked as 'Diesel Vortex' ran a phishing campaign against freight and logistics companies across the United States and Europe. Using 52 deceptive domains that impersonated platforms such as DAT Truckstop, TIMOCOM, and Penske Logistics, the attackers harvested credentials from industry professionals; 1,649 unique accounts were compromised, giving the group access to critical systems and enabling fraud, including cargo theft and financial fraud. ([bleepingcomputer.com](https://www.bleepingcomputer.com/news/security/phishing-campaign-targets-freight-and-logistics-orgs-in-the-us-europe/?utm_source=openai)) The campaign is part of a growing trend of targeted attacks on the logistics sector. The practical responses are stronger authentication on load-board and carrier platform accounts, training staff to check the domain before entering credentials, and watching newly registered domains for lookalikes of the platforms a company depends on.
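One way to watch for the lookalike domains such a campaign depends on, as an added example that is not code from the original page or from BleepingComputer: given a watch-list of brand labels and a feed of newly observed domains, it flags domains that embed a brand, sit within a small edit distance of it after folding common digit-for-letter homoglyphs, or use a brand as a subdomain under an unrelated registrable domain. The brand list is illustrative, the domain feed is constructed, and none of the domains below are known indicators; treating the last label as the TLD (no public-suffix list) is a simplifying assumption.

```python
"""Lookalike-domain screening for brand impersonation phishing.

Added example; the domain feed is constructed and the TLD handling is simplified.
"""

BRANDS = ["dat", "truckstop", "timocom", "penske"]    # labels to watch, lower-case

# Constructed feed of newly observed domains (not real indicators).
SAMPLE_FEED = [
    "timocom.com",                # the brand's own registrable label: not a lookalike
    "t1mocom-login.com",          # digit-for-letter homoglyph plus a suffix
    "truckstop-verify.net",       # brand token combined with extra words
    "penske.example-portal.com",  # brand as subdomain of an unrelated domain
    "tmocom.com",                 # one deletion away from timocom
    "weather.example.org",        # unrelated
    "data-warehouse.io",          # contains "dat", but a 3-letter brand must match a whole token
]

# Common substitutions seen in lookalike registrations, folded before comparing.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                            "5": "s", "7": "t", "8": "b", "@": "a"})


def levenshtein(a, b):
    """Edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_reasons(domain, brands=BRANDS):
    """Return a list of (brand, reason) pairs; an empty list means no lookalike signal."""
    labels = domain.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return []
    # Assumption: last label is the TLD, the one before it is the registrable label,
    # and anything earlier is a subdomain chosen freely by the registrant.
    registrable, subdomains = labels[-2], labels[:-2]
    tokens = registrable.split("-")
    folded_tokens = registrable.translate(HOMOGLYPHS).split("-")
    reasons = []
    for brand in brands:
        if registrable == brand:
            continue
        if brand in subdomains:
            reasons.append((brand, f"brand used as subdomain of {registrable}"))
        if brand in tokens:
            reasons.append((brand, "brand token combined with extra words"))
        elif len(brand) >= 5:                 # short brands only match as whole tokens
            if brand in registrable:
                reasons.append((brand, "brand embedded in registrable label"))
            else:
                limit = 1 if len(brand) <= 6 else 2
                near = [t for t in folded_tokens
                        if t != brand and levenshtein(t, brand) <= limit]
                if near:
                    reasons.append((brand, f"near-miss after homoglyph folding: {near[0]}"))
    return reasons


def scan_feed(feed, brands=BRANDS):
    """Map each flagged domain in the feed to its reasons."""
    return {d: r for d in feed if (r := lookalike_reasons(d, brands))}


if __name__ == "__main__":
    for domain, reasons in scan_feed(SAMPLE_FEED).items():
        print(domain, reasons)
```

The short-brand rule is the part that keeps this usable: a three-letter label like "dat" occurs inside ordinary words, so it is only matched as a whole hyphen-separated token or subdomain, while longer brands get substring and edit-distance matching. In production the output feeds a block-list or a takedown queue, not an automatic verdict.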
North Korea’s Labyrinth Chollima Splits: New Specialized Threat Groups Emerge
CrowdStrike researchers reported that the long-active North Korean threat group known as Labyrinth Chollima has formally split into three specialized entities: Labyrinth Chollima (espionage), Golden Chollima, and Pressure Chollima (both focused on cryptocurrency theft). The split followed observed divergences in tactics, malware, and sector targeting, with Labyrinth Chollima shifting its focus to manufacturing, logistics, aerospace, and defense, often through social engineering and with infrastructure shared across the three groups. Pressure Chollima is credited with the record $1.46 billion cryptocurrency heist of February 2025, the largest on record, which shows the scale the new structure operates at. The realignment points to growing specialization within North Korea's cyber apparatus, enabling more targeted intrusions and more efficient monetization. Organizations in critical industries and the cryptocurrency sector face heightened risk as these groups adapt quickly and fund operations that circumvent international sanctions with illicit gains.
How Insider Threats and Malware Breached Rotterdam and Antwerp Ports
Between September 2020 and April 2021, a Dutch national gained access to IT systems at major European ports, including Rotterdam and Antwerp, through insiders at a logistics firm: employees plugged in USB sticks carrying malware, giving him persistent access to sensitive server infrastructure. Using remote access tools, he intercepted data in transit, exfiltrated critical databases, and supported large-scale smuggling, including the undetected import of 210 kg of cocaine, while also attempting extortion and the resale of his malware. The case shows how cybercrime and organized crime converge, with insiders as the initial access vector for breaches whose payoff is physical as much as digital, and it underlines the regulatory and cyber defense challenges facing port operators and logistics networks worldwide, starting with removable-media controls and monitoring of the servers that hold container and customs data.
Jaguar Land Rover Hit by Devastating 2025 Ransomware Attack: Supply Chains & Data at Risk
In September 2025, Jaguar Land Rover (JLR) suffered a ransomware and extortion attack attributed to the Scattered Lapsus$ Hunters collective, a grouping of actors from Lapsus$, Scattered Spider, and ShinyHunters. After the breach, the automaker halted production and sent staff home. The multi-week outage produced a 43% drop in wholesale volumes in the third quarter, significant delays in fulfilling orders, and confirmed theft of sensitive data; the financial toll exceeded £196 million ($220 million) and prompted emergency UK government intervention to support JLR's supply chain recovery. The case shows the risk that identity-centric ransomware crews, who combine operational disruption with data theft for extortion, pose to global manufacturers, and it fits a broader pattern of attacks on critical supply chains with compounding economic and regulatory consequences.
Kimsuky Leverages QR Phishing to Spread Android Malware in Fake Delivery App Campaign (2025)
In June 2025, the North Korean threat group Kimsuky ran a phishing campaign built around QR codes that led victims to malicious websites impersonating the South Korean logistics company CJ Logistics. Users who scanned the codes and followed the fake prompts were tricked into downloading and running the DocSwap Android malware, which gave the attackers access to sensitive device data and communications and a foothold for surveillance and for moving further into enterprise environments. The campaign shows the breadth of Kimsuky's tradecraft and the growing exposure of mobile users to delivery- and supply-chain-themed phishing, in line with a wider rise in QR-code phishing and brand impersonation aimed at mobile devices. Because the QR code moves the victim from a monitored desktop to a personal phone, it sidesteps email and endpoint controls, which is why organizations need mobile device management and mobile threat defense alongside desktop endpoint security.