Phishing campaign targets freight and logistics orgs in the US, Europe
Bleeping Computer
by Bill Toulas, February 24, 2026
AI-Generated Deep Dive Summary
A new phishing campaign led by a cybercriminal group known as "Diesel Vortex" has been targeting freight and logistics organizations in the U.S. and Europe since September 2025. The campaign, which uses 52 domains to steal credentials, has already compromised 1,649 unique sets of login information from platforms critical to the freight industry, including DAT Truckstop, TIMOCOM, Teleroute, Penske Logistics, Girteka, and Electronic Funds Source (EFS). Researchers at Have I Been Squatted discovered the operation after finding an exposed repository containing stolen credentials and communication logs linked to a phishing project called Global Profit.
The Diesel Vortex group appears to be highly organized, with members who use Armenian and are connected to Russian infrastructure. Their attacks involve sophisticated tactics such as typosquatting, where fake domains mimic legitimate ones, and voice phishing. They also infiltrate Telegram channels frequented by trucking professionals, which extends their reach. Phishing pages are designed to replicate the targeted platforms closely, making them nearly indistinguishable from the real sites.
The campaign's phishing kits use Zoho SMTP and Zeptomail services to send emails with Cyrillic homoglyph tricks in sender and subject lines, evading security filters. When victims click on links, they land on minimal HTML pages loaded via iframes, followed by a nine-stage cloaking process. These pages capture sensitive data such as credentials, payment details, and two-factor authentication codes.
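A mail-filter check for the homoglyph trick described above, as an added example that is not from the original article or the researchers: it decodes the From and Subject headers and reports words that mix Latin and Cyrillic letters. The function names and the sample message are constructed for illustration, and treating a mixed-script word as suspicious is a heuristic assumption.

```python
import unicodedata
from email import message_from_string
from email.header import Header, decode_header, make_header

def scripts_in(token):
    """Return the scripts (LATIN, CYRILLIC, ...) used by the letters in token."""
    found = set()
    for ch in token:
        if ch.isalpha():
            # Unicode names lead with the script: "CYRILLIC SMALL LETTER O"
            found.add(unicodedata.name(ch, "UNKNOWN").split(" ")[0])
    return found

def mixed_script_tokens(text):
    """Words that combine Latin and Cyrillic letters inside a single token."""
    return [t for t in text.split() if {"LATIN", "CYRILLIC"} <= scripts_in(t)]

def check_headers(raw_message):
    """Decode RFC 2047 encoded words in From/Subject; map header -> mixed words."""
    msg = message_from_string(raw_message)
    findings = {}
    for name in ("From", "Subject"):
        decoded = str(make_header(decode_header(msg.get(name, ""))))
        hits = mixed_script_tokens(decoded)
        if hits:
            findings[name] = hits
    return findings

# Constructed sample: Cyrillic U+0410 stands in for "A", U+043E for "o".
SAMPLE = (
    "From: " + Header("D\u0410T Support", "utf-8").encode()
    + " <noreply@example.test>\n"
    "Subject: " + Header("L\u043ead c\u043enfirmation required", "utf-8").encode()
    + "\n\nbody\n"
)

# Constructed control: a subject written entirely in Cyrillic is not flagged.
CLEAN = (
    "From: Dispatch <ops@example.test>\n"
    "Subject: " + Header("\u041f\u0440\u0438\u0432\u0435\u0442", "utf-8").encode()
    + "\n\nbody\n"
)

if __name__ == "__main__":
    print(check_headers(SAMPLE))
    print(check_headers(CLEAN))
```

Checking per word rather than per header keeps legitimate Cyrillic-only or bilingual mail from being flagged, since only a single word that blends both scripts is reported.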
Originally published on Bleeping Computer on 2/24/2026