Freight Fraud as a Service: Inside the Diesel Vortex Cyber Operation
A sophisticated cybercrime operation has demonstrated how freight fraud is evolving from opportunistic theft into a scalable, service-based business. Security researchers tracking a group known as Diesel Vortex have uncovered a campaign that harvested more than 1,600 logins for major logistics platforms, turning carrier identities into weapons for double-brokering scams and cargo theft. The operation highlights a critical vulnerability in global supply chains, where digital identities are often less secure than the physical cargo they move.
Background and Context
Diesel Vortex, identified by industry investigators, functions more like a small enterprise than a loose collective of hackers. The group utilized phishing campaigns that mimicked the daily tools of dispatchers and brokers—specifically targeting load boards, fleet portals, and fuel-card systems. By enticing victims to enter credentials on convincing fake sites, the attackers captured usernames, passwords, and one-time codes in real time. This access allowed them to impersonate legitimate carriers, accept loads, and redirect cargo, effectively bypassing the trust mechanisms that underpin the logistics industry.
Key Figures and Entities
The scope of the attack reached core infrastructure providers rather than fringe tools. Victims included users of DAT Truckstop, Timocom, Teleroute, Penske Logistics, Girteka, and Electronic Funds Source (EFS). Analysis of an exposed code repository and database revealed an organized internal structure: Diesel Vortex operated with call-centre agents, email operators, programmers, and staff dedicated to recruiting drivers. Investigators discovered internal documents labeled "GlobalProfit" and "MC Profit Always," suggesting a long-term strategy to monetize stolen logistics identities.
Legal and Financial Mechanisms
The primary financial mechanism employed was "double brokering," a form of fraud where a load is brokered to a carrier who does not actually move it, but instead re-brokers it for a quick profit while pocketing the original payment. While precise loss figures remain unpublished, the scale of the compromised credentials implies a material financial impact. The group used a reusable playbook to automate this process, effectively commodifying the attack. This "fraud-as-a-service" model lowers the barrier to entry for other criminals, allowing them to purchase or lease the tools needed to infiltrate the supply chain without developing the technical infrastructure themselves.
International Implications and Policy Response
The Diesel Vortex operation exposes regulatory gaps on both sides of the Atlantic. In Europe, key transport segments fall under the revised NIS2 Directive, which mandates stricter cybersecurity measures for essential sectors. However, implementation remains uneven. In North America, where freight fraud rates are climbing, reliance on rule-based controls has proven insufficient against sophisticated identity theft. The threat extends beyond trucking; compromised inland logistics identities can eventually disrupt ocean shipping and port operations, where misdirected containers can liner schedules and damage trust in maritime hubs.
Sources
This report is based on findings from cybersecurity researchers investigating the Diesel Vortex group, public statements regarding logistics platform vulnerabilities, and European Union cybersecurity policy frameworks.
