Diesel Vortex: Phishing Campaign Targets Freight and Logistics Worldwide

A newly uncovered phishing campaign highlights how freight and logistics operators in the U.S. and Europe are being targeted by a financially motivated group dubbed Diesel Vortex. This operation demonstrates how cybercriminals exploit industries that are critical to global trade but often overlooked in enterprise security programs.

What Happened

  • Since September 2025, Diesel Vortex has stolen 1,649 unique credentials from logistics platforms.
  • Victims include DAT Truckstop, TIMOCOM, Teleroute, Penske Logistics, Girteka, and Electronic Funds Source (EFS).
  • The group used 52 phishing domains to impersonate freight exchanges, fleet management portals, and fuel card systems.
  • Researchers uncovered the campaign after finding an exposed repository containing SQL databases, Telegram logs, and phishing kits.

How the Campaign Works

  • Phishing Infrastructure: Pixel‑perfect clones of logistics platforms hosted on .com domains, cloaked through nine stages on .top and .icu domains.
  • Delivery Methods:
    • Phishing emails sent via Zoho SMTP and Zeptomail.
    • Cyrillic homoglyph tricks to bypass filters.
    • Voice phishing and infiltration into Telegram channels used by trucking personnel.
  • Captured Data: Credentials, permit data, MC/DOT numbers, RMIS login details, PINs, 2FA codes, tokens, payment amounts, and check numbers.
  • Operational Model: A mind map revealed a structured organization with call‑center staff, programmers, and logistics contacts, showing this is more than a small criminal group—it’s a fraud enterprise.

Why It Matters

  • Supply chain risk: Freight and logistics are critical to global commerce, yet often underprotected compared to financial or healthcare sectors.
  • Credential theft impact: Stolen identities enable double brokering—fraudulent cargo diversion where goods are rerouted to unauthorized pickup points.
  • Organized crime: Diesel Vortex operates like a business, complete with infrastructure, staff, and revenue tiers.

Defensive Recommendations

Organizations in freight and logistics should:

  • Harden email security: Deploy advanced phishing detection and train staff to spot homoglyph tricks.
  • Audit credentials: Monitor for unauthorized logins and enforce MFA across all portals.
  • Secure communication channels: Limit exposure on Telegram and other messaging platforms.
  • Verify freight transactions: Double‑check carrier identities and load confirmations to prevent double brokering.
  • Collaborate with industry peers: Share intelligence across logistics networks to detect and disrupt campaigns early.
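The homoglyph angle appears twice above: in Delivery Methods (Cyrillic look-alike characters slipping past filters) and in the recommendation to train staff to spot them. The following is an added Python example, not code from the article or from the researchers, showing one automated check a mail gateway or log pipeline can apply: it flags domain labels that mix Unicode scripts, or that spell one of the impersonated brands once look-alike characters are mapped back to Latin. The protected brand list, the confusables subset and the sample domains are constructed for illustration.

```python
import unicodedata

# Brands the article lists as impersonated (constructed protected-name list).
PROTECTED = ("timocom", "teleroute", "penske", "girteka", "truckstop", "efs")

# Hand-picked subset of Cyrillic/Greek letters that render like Latin ones.
# A production table would be generated from Unicode TR39 confusables.txt.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0458": "j", "\u0455": "s",
    "\u04bb": "h", "\u0501": "d", "\u051b": "q", "\u051d": "w",
    "\u03bf": "o", "\u03bd": "v", "\u03b9": "i",
}


def skeleton(label: str) -> str:
    """Replace known look-alike characters with their Latin counterparts."""
    label = unicodedata.normalize("NFKC", label).casefold()
    return "".join(CONFUSABLES.get(ch, ch) for ch in label)


def scripts_of(label: str) -> set:
    """Approximate the scripts used by a label's letters from the first word of
    each character's Unicode name (LATIN, CYRILLIC, GREEK, ...)."""
    return {unicodedata.name(ch, "UNKNOWN").split(" ")[0] for ch in label if ch.isalpha()}


def check_domain(domain: str) -> list:
    """Return (finding, label[, brand]) tuples; an empty list means no homoglyph signal."""
    if "xn--" in domain:  # punycode as seen in headers/URLs: decode to visible form
        try:
            domain = domain.encode("ascii").decode("idna")
        except UnicodeError:
            return [("undecodable-idna", domain)]
    findings = []
    for label in domain.casefold().split("."):
        if len(scripts_of(label)) > 1:          # e.g. Latin letters mixed with Cyrillic
            findings.append(("mixed-script", label))
        skel = skeleton(label)
        if skel != label:                        # only fire when look-alikes were present
            for brand in PROTECTED:
                if brand in skel:
                    findings.append(("confusable-brand", label, brand))
    return findings


if __name__ == "__main__":
    # Constructed samples: genuine spelling, then one with a Cyrillic "i" (U+0456).
    for sample in ("timocom.com", "t\u0456mocom.com", "\u0440\u0435nske.com"):
        print(sample, "->", check_domain(sample) or "clean")
```

A pure-ASCII look-alike such as a hyphenated brand name is deliberately not flagged here; that case belongs to brand-keyword matching, not confusable detection.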

Final Thought

Diesel Vortex shows how cybercrime is evolving into organized fraud operations targeting industries that keep global trade moving. For logistics leaders, the lesson is clear: cybersecurity is now a supply chain issue. Protecting credentials, verifying transactions, and strengthening communication channels are essential to safeguarding both cargo and reputation.
