Package/Freight Delivery
Breach intelligence, attack campaigns, and threat reports targeting the Package/Freight Delivery sector.
Package/Freight Delivery Threat Reports
Surge in Cyber-Enabled Cargo Theft: A 2025 Analysis
In 2025, cargo theft losses in the United States and Canada surged by 60%, reaching an estimated $725 million. This increase is attributed to cybercriminals employing sophisticated tactics such as phishing, impersonation, and system compromises to hijack goods during transit. By infiltrating supply chain systems, these actors rerouted shipments, leading to significant financial and operational disruptions for businesses. ([ic3.gov](https://www.ic3.gov/PSA/2026/PSA260430)) The FBI's April 30, 2026, public service announcement underscores the evolving nature of cargo theft, emphasizing the integration of cyber techniques into traditional theft methods. This trend highlights the urgent need for enhanced cybersecurity measures within the transportation and logistics sectors to mitigate the risks posed by these advanced threats. ([ic3.gov](https://www.ic3.gov/PSA/2026/PSA260430))
1 month ago
FedEx Phishing Scam Unleashes XWorm Malware
In February 2026, a sophisticated phishing campaign impersonated FedEx to distribute the XWorm malware. Victims received emails claiming undelivered packages, prompting them to open malicious attachments. These attachments executed scripts that installed XWorm, a Remote Access Trojan (RAT) capable of stealing sensitive information, hijacking accounts, and executing commands remotely. The malware utilized advanced techniques like process injection and encrypted communication to evade detection. This incident underscores the evolving nature of phishing attacks, which now employ multi-stage payloads and sophisticated evasion tactics. Organizations must enhance their email security measures and educate employees on recognizing such deceptive schemes to mitigate the risk of similar threats.
3 months ago
Sophisticated Phishing Attacks Target Japanese Companies in 2026
In February 2026, a series of sophisticated phishing campaigns targeted Japanese-speaking individuals by impersonating reputable companies such as ANA, DHL, and myTOKYOGAS. These emails, originating from domains with a .cn top-level domain, utilized the Foxmail email client and directed recipients to counterfeit login pages designed to harvest sensitive credentials. The consistent use of the Foxmail client and .cn domains suggests coordination by a single threat actor. This incident underscores the evolving tactics of cybercriminals in crafting culturally and linguistically tailored phishing schemes to deceive users and compromise personal information. The prevalence of such targeted attacks highlights the necessity for enhanced vigilance and robust email filtering mechanisms to protect against credential theft and potential financial loss.
4 months ago
Kimsuky Leverages QR Phishing to Spread Android Malware in Fake Delivery App Campaign (2025)
In June 2025, the North Korean threat group Kimsuky launched a sophisticated phishing campaign using QR codes that directed victims to malicious websites impersonating South Korean logistics giant CJ Logistics. Unsuspecting users who scanned the QR codes and interacted with fake prompts were tricked into downloading and executing the DocSwap Android malware. The malware enabled unauthorized access to sensitive device data and communications, potentially allowing attackers to conduct surveillance and lateral movement within enterprise environments. The incident highlights the versatility of Kimsuky’s tactics and the growing risk to mobile users targeted via supply-chain or delivery-themed phishing. Kimsuky's campaign reflects a broader industry-wide uptick in mobile phishing and social engineering attacks that leverage QR codes and trusted brands. This case demonstrates how advanced persistent threat actors are pivoting to circumvent traditional detection, pushing organizations to adopt holistic mobile and endpoint security strategies.
5 months ago
Broadside Mirai Variant Disrupts Maritime Logistics Sector in 2024
In early 2024, a novel Mirai variant dubbed 'Broadside' was discovered targeting maritime logistics organizations by exploiting a critical command injection flaw in exposed DVR systems. Attackers leveraged this vulnerability to gain persistent access, hijack the devices, and enable lateral movement across internal shipping infrastructure. Once compromised, infected endpoints became part of a botnet, amplifying the campaign’s impact and potentially threatening the operational continuity of global maritime logistics firms. The incident underscores growing risks faced by critical infrastructure sectors as IoT-targeting malware evolves. Mirai and its variants continue to adapt, now seeking less-conventional, specialized equipment in sectors previously overlooked, further complicating defense and regulatory compliance for logistics organizations worldwide.
5 months ago
How Phishing-as-a-Service Scams Exploited USPS and E-Z Pass: The Lighthouse Case
In 2025, Google filed a legal complaint against a China-based cybercriminal group alleged to have developed 'Lighthouse' Phishing-as-a-Service (PaaS) kits. These kits empower low-skilled actors to execute widespread smishing (SMS phishing) and e-commerce scams by providing templates, domain setup tools, and fake websites mimicking trusted brands such as USPS and E-Z Pass. Victims are lured via texts about overdue fees or package deliveries, redirecting them to realistic phishing sites that harvest credentials and financial information. The campaign leveraged legitimate ad platforms and payment methods, increasing its reach and credibility. The incident underscores the rising threat and sophistication of PaaS offerings, which lower the barrier for cybercrime and accelerate the proliferation of phishing campaigns. As threat actors streamline attack automation and mimic reputable organizations, enterprises must adapt with real-time detection, segmented network defenses, and stronger authentication measures.
5 months ago
How Google Disrupted the Lighthouse Phishing-as-a-Service Operation in 2024
In early 2024, Google’s Threat Analysis Group identified and disrupted the 'Lighthouse' Phishing-as-a-Service (PhaaS) platform, operated by the Smishing Triad criminal group. Lighthouse enabled large-scale, automated phishing campaigns, leveraging SMS-based lures such as unpaid toll notifications and fraudulent package delivery alerts. Attackers used this kit to collect personal and financial data, facilitating credential theft across multiple geographies. Google’s intervention included technical disruption, reporting malicious domains, and restricting infrastructure linked to the group, limiting subsequent campaign reach and effectiveness. The Lighthouse case highlights a surge in professionally run phishing platforms offered as a service, making sophisticated cybercrime accessible to less-skilled actors. Organizations face heightened risk from increasingly tailored, high-volume phishing attacks exploiting mobile and digital payment ecosystems, warranting ongoing vigilance and stronger controls.
5 months ago
Google Takes Legal Aim at Lighthouse Smishing Syndicate in 2024
In June 2024, Google initiated a civil lawsuit targeting the perpetrators of the 'Lighthouse' phishing-as-a-service operation, believed to be managed by individuals based in China. These actors used large-scale SMS phishing (smishing) campaigns, often spoofing Google and other trusted brands, to lure victims into divulging personal and financial information by clicking fraudulent links. Over a short period, the attackers deployed hundreds of thousands of fake sites and reportedly victimized more than one million people worldwide, resulting in significant financial losses and the compromise of millions of payment cards—primarily in the United States. The group’s abuse of Google’s trademarks also led the company to seek legal and technical disruption measures, including the removal of malicious domains. This case illustrates the growing impact and reach of phishing-as-a-service kits, which democratize sophisticated techniques for broader criminal use. The prevalence of smishing, coupled with international threat actor networks, reinforces the need for proactive legal and technical responses, as well as multi-stakeholder legislative and public awareness initiatives.
5 months ago
Inside Google’s 2025 Crackdown on the Lighthouse Phishing Platform
In November 2025, Google filed a landmark lawsuit in the U.S. District Court for the Southern District of New York, targeting a group of China-based threat actors operating the Lighthouse Phishing-as-a-Service (PhaaS) platform. Lighthouse enabled massive SMS phishing attacks, leveraging trusted brands such as E-ZPass and USPS to lure victims. The operation compromised more than 1 million users across 120 countries by automating credential theft at scale, enabling untraceable criminal campaigns, and facilitating both lateral movement and data exfiltration. The attackers' infrastructure capitalized on encrypted traffic obfuscation and rapid brand impersonation techniques. This lawsuit marks a significant escalation in technology companies' pursuit of legal remedies against sophisticated cybercriminal ecosystems. It underscores the rising threat of PhaaS platforms enabling non-technical actors, the rapid proliferation of phishing kits, and the urgent need for zero trust and multi-layered defenses in digital infrastructure.
5 months ago
Hackers Weaponize Remote Access: Cargo Freight Hijacking Hits Supply Chain
In early 2024, cybercriminals orchestrated a sophisticated supply-chain attack targeting the logistics sector by weaponizing remote monitoring and management (RMM) tools to seize control over freight operations. Exploiting weak access controls and leveraging legitimate remote-access software, attackers infiltrated trucking company systems and issued unauthorized commands, redirecting shipments in transit and physically stealing the cargo. This intrusion resulted in significant operational disruption and untraceable cargo losses, and highlighted severe gaps in network segmentation and east-west traffic security. This attack marks a rise in real-world impacts from IT compromise, illustrating how digital breaches are now driving tangible disruptions across critical infrastructure. The incident underscores escalating regulatory scrutiny and the urgency of advanced security controls to mitigate supply-chain and identity-driven threats.
5 months ago
Freight Brokers Targeted: Hackers Use RMM Tools in Supply Chain Heist (2024)
In 2024, cybercriminals executed a targeted supply chain attack against freight brokerages and trucking carriers by exploiting phishing emails and malicious links. Attackers used remote monitoring and management (RMM) tools to infiltrate corporate systems, taking control of freight scheduling and logistics platforms. This allowed the threat actors to manipulate cargo shipments, redirect valuable freight, and orchestrate the theft of physical goods. The attack revealed significant gaps in internal segmentation, endpoint security, and east-west visibility, resulting in financial loss, disrupted operations, and reputational impact across the logistics sector. This incident highlights an emerging trend in the weaponization of legitimate IT tools like RMMs for high-value supply chain attacks. As threat actors innovate with living-off-the-land techniques, organizations with critical logistics functions face heightened scrutiny from regulators and renewed urgency to close visibility and segmentation gaps.
5 months ago
Cybercriminals Infiltrate Logistics & Freight Networks with Malicious Remote Monitoring Tools
In June 2025, cybercriminals aligned with organized crime groups targeted logistics and freight organizations using malicious Remote Monitoring and Management (RMM) tools to infiltrate operational networks. Attackers gained entry via phishing campaigns that tricked employees into deploying unauthorized RMM software, providing persistent remote access for data exfiltration and, in some cases, facilitating theft of high-value cargo. The breach’s impact manifested in compromised shipment scheduling, disrupted fleet operations, and direct financial loss due to fraudulent transactions and stolen cargo. This incident underscores the growing trend of attackers exploiting legitimate IT tools for financial crime, particularly across critical supply chain infrastructure. The prevalence of infostealer malware and stealthy remote-access attacks highlights the urgency for logistics companies to strengthen segmentation, adopt zero trust models, and improve anomaly detection.
5 months ago