Full Report
Researchers have uncovered and taken down the infrastructure of a phishing operation run by Russian cybercriminals targeting freight companies in the U.S. and Europe. Over a five-month period, the group, dubbed Diesel Vortex, stole more than 1,600 login credentials from accounts at logistics platforms, which allowed thieves to intercept and divert freight shipments and commit…
Analysis Summary
# Threat Actor: Diesel Vortex
## Attribution & Identity
* **Identification:** Cybercriminal group responsible for a large-scale phishing operation.
* **Attribution:** Linked to Russian cybercriminals, with operational ties or origins possibly involving Armenia.
* **Known Aliases and Associated Groups:** Diesel Vortex (primary designation by researchers).
## Activity Summary
* The operation ran for over a five-month period.
* The group successfully stole more than 1,600 login credentials from logistics platform accounts.
* Outcome: the stolen credentials were used to intercept and divert freight shipments and to commit check fraud.
* The infrastructure for this operation was recently uncovered and taken down by researchers.
## Tactics, Techniques & Procedures
* **Primary TTP:** Phishing operations targeting logistics platforms.
* **Discovery Method:** Researchers traced the operation through a publicly reachable `.git` directory, which leaked the operators' internal details (the operation's own version-control metadata was served over the web).
* **Objective Achievement:** Used stolen credentials to gain unauthorized access to logistics systems for financial fraud/theft.
* *Note: Specific technical TTPs (like email structure or hosting type) are not detailed beyond the overarching phishing campaign.*
## Targeting
* **Sectors:** Freight/Logistics/Cargo Industry.
* **Geography:** United States (U.S.) and Europe.
* **Victims:** Accounts belonging to workers/entities using logistics platforms.
## Tools & Infrastructure
* **Malware Families Used:** Not specified in the provided context.
* **Infrastructure (C2, domains, IPs):** The operation's infrastructure was identified and taken down; no domains or IP addresses are listed in the report.
## Implications
* This actor poses a significant threat to global supply chain security and financial integrity within the freight sector.
* The volume (more than 1,600 credentials over roughly five months) indicates an effective, persistent phishing methodology aimed at a lucrative, specialized industry.
* The takedown disrupted this specific operation, but it does not invalidate credentials already stolen; those remain usable until the affected accounts are reset.
## Mitigations
* Enforce multi-factor authentication (MFA) on all logistics and freight management platforms, preferring phishing-resistant methods (FIDO2/WebAuthn): a phishing page that captures a password can just as easily capture a one-time code typed into it.
* Run frequent phishing simulations that mimic the login pages of the logistics platforms staff actually use, and reset any platform credentials suspected to have been entered into a lookalike page.
* Scan your own web roots for exposed version-control metadata (`.git/` directories). The same misconfiguration that exposed this operation's details to researchers leaks source code, remote URLs and embedded secrets from any site that has it.
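The check behind the last two points (the `.git` exposure that gave researchers their foothold, and the audit of your own sites for the same mistake) can be automated. The following is an added example, not code from the report or from the researchers who ran the takedown. It probes `/.git/HEAD` and `/.git/config`, decides whether the responses really are git metadata rather than a soft-404 page served with status 200, and pulls out the remote URLs (and any credentials embedded in them), which is the kind of detail that ties a phishing kit to its operator's hosting. The hostname `git.example.invalid`, the repository path and the sample response bodies are constructed for illustration; only probe hosts you are authorised to test.

```python
"""Detect an exposed .git directory on a web root and extract what it leaks.

Added example (not from the report). Sample bodies and hostnames below are
constructed; the probe() helper does a live GET and is for authorised use.
"""
import re
import urllib.error
import urllib.request
from urllib.parse import urljoin

# .git/HEAD is either a symbolic ref or a bare object id (SHA-1 or SHA-256).
HEAD_RE = re.compile(r"^(ref: refs/\S+|[0-9a-f]{40}|[0-9a-f]{64})\s*$")
# [section] or [section "subsection"] headers in git's config syntax.
SECTION_RE = re.compile(r'^\[(\w[\w.-]*)(?:\s+"([^"]*)")?\]$')
# scheme://userinfo@host : a URL carrying a username or user:password pair.
USERINFO_RE = re.compile(r"^[a-z][a-z0-9+.-]*://[^/@\s]+@", re.I)

# Constructed sample responses, modelled on what a real exposed checkout serves.
SAMPLE_HEAD = "ref: refs/heads/main\n"
SAMPLE_CONFIG = """[core]
\trepositoryformatversion = 0
\tfilemode = true
\tbare = false
[remote "origin"]
\turl = https://deploy:hunter2@git.example.invalid/kits/freight-login.git
\tfetch = +refs/heads/*:refs/remotes/origin/*
[branch "main"]
\tremote = origin
\tmerge = refs/heads/main
"""
SAMPLE_SOFT_404 = "<html><body><h1>Not Found</h1></body></html>"


def head_looks_like_git(body: str) -> bool:
    """True only for a genuine HEAD file; HTML error pages returned with 200 fail."""
    return bool(HEAD_RE.match(body.strip()))


def parse_git_config(text: str) -> dict:
    """Minimal git-config parser: {'core': {...}, 'remote.origin': {'url': ...}}.
    Handles section/subsection headers, key = value lines and #/; comments
    (comment stripping is naive: a '#' or ';' inside a value would truncate it)."""
    result, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            name = m.group(1).lower()
            if m.group(2) is not None:
                name += "." + m.group(2)
            current = result.setdefault(name, {})
            continue
        if current is None or "=" not in line:
            continue
        key, _, value = line.partition("=")
        current[key.strip().lower()] = value.strip()
    return result


def remote_urls(config_text: str) -> dict:
    """Return {remote_name: url} for every [remote "..."] section with a url."""
    cfg = parse_git_config(config_text)
    return {name[len("remote."):]: sec["url"]
            for name, sec in cfg.items()
            if name.startswith("remote.") and "url" in sec}


def assess(head_body: str, head_status: int, config_body: str, config_status: int) -> dict:
    """Combine the two probe results into a verdict.

    HEAD alone proves the directory is served; config is only trusted once
    HEAD has confirmed exposure, so a soft-404 config body is never parsed."""
    exposed = head_status == 200 and head_looks_like_git(head_body)
    verdict = {"exposed": exposed, "remotes": {}, "credential_in_url": False}
    if exposed and config_status == 200:
        verdict["remotes"] = remote_urls(config_body)
        verdict["credential_in_url"] = any(
            USERINFO_RE.match(u) for u in verdict["remotes"].values())
    return verdict


def fetch(url: str, timeout: float = 5.0):
    """One GET returning (status, first 4 KiB of body); errors count as not found."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read(4096).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, ""
    except (urllib.error.URLError, OSError):
        return 0, ""


def probe(base_url: str) -> dict:
    """Live check of one web root (base_url must end with '/'); authorised use only."""
    head_status, head_body = fetch(urljoin(base_url, ".git/HEAD"))
    cfg_status, cfg_body = fetch(urljoin(base_url, ".git/config"))
    return assess(head_body, head_status, cfg_body, cfg_status)


if __name__ == "__main__":
    # Offline demonstration on the constructed samples; swap in probe(url) for a real host.
    print(assess(SAMPLE_HEAD, 200, SAMPLE_CONFIG, 200))
    print(assess(SAMPLE_SOFT_404, 200, SAMPLE_SOFT_404, 200))
```

Checking `HEAD` before trusting `config` matters because many sites answer every unknown path with a 200 and an HTML page; only a body shaped like a ref or object id confirms the directory is really being served. A positive result means the object store under `.git/objects/` is almost certainly downloadable too, which is how source, kit templates and committed secrets end up in an analyst's hands.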