Cybercriminals exploit remote monitoring tools to infiltrate shipping and logistics networks
What: Cybercriminals are exploiting legitimate remote monitoring tools to infiltrate logistics networks, enabling large-scale cargo theft and disrupting retail supply chains.
Why it is important: The use of trusted IT tools for cyber-enabled theft exposes critical vulnerabilities in retail supply chains, demanding urgent investment in security and risk management.
A financially motivated threat group has been targeting the freight and logistics industry since June 2025, orchestrating a sophisticated campaign that merges cyber intrusion with physical cargo theft. By distributing legitimate remote monitoring and management (RMM) software such as ScreenConnect and SimpleHelp through spear-phishing and compromised load board accounts, attackers gain undetected access to logistics networks. Once inside, they manipulate core systems, delete legitimate freight bookings, and coordinate the fraudulent transport of high-value goods, mainly food and beverage products. This approach allows them to bypass traditional security measures, as RMM tools are often whitelisted within organizations. The campaign’s indiscriminate nature affects both small carriers and large supply chain providers, highlighting the vulnerability of the entire retail ecosystem. The blending of cyber and physical tactics demonstrates a deep understanding of logistics workflows and underscores the urgent need for retailers and their partners to reassess security protocols, invest in robust risk management, and foster cross-sector collaboration to protect inventory and maintain operational continuity.
IADS Notes: RH-ISAC’s April 2025 report details critical cyber threats to retail and hospitality, with third-party breaches accounting for 41% of incidents and average ransomware losses of $1.4 million. Retail Week and Inside Retail, in August and May 2025 respectively, highlight major attacks on supply chain providers and the resulting operational and financial impacts. The December 2024 ransomware attack on Blue Yonder further illustrates the widespread disruption cyber-enabled threats can cause across global retail logistics networks.

