Diesel Vortex: Russian Cybercriminals Exploit Global Logistics Networks in Massive Credential Theft
A sophisticated cybercriminal group known as Diesel Vortex has orchestrated an extensive phishing campaign targeting freight and trucking companies across the United States and Europe. Operating from September 2025 through February 2026, this Russian-linked group successfully compromised over 1,649 unique login credentials from major logistics platforms, including DAT Truckstop, Penske Logistics, Electronic Funds Source (EFS), and Timocom.
The Modus Operandi of Diesel Vortex
Diesel Vortex employed a multifaceted approach to infiltrate the logistics sector. Their tactics included spearphishing emails, voice phishing calls, and infiltration of freight-focused Telegram groups. By impersonating trusted platforms, they intercepted login credentials and multi-factor authentication (MFA) codes in real time. This access enabled them to redirect shipments, siphon funds, and commit check fraud.
The group operated as a structured criminal service, marketing their phishing access under the brand name MC Profit Always. They developed a Phishing-as-a-Service (PhaaS) platform called GlobalProfit, designed for Russian-speaking criminal buyers, complete with cryptocurrency payment processing.
Technical Sophistication and Deception Techniques
One of the most striking aspects of Diesel Vortex’s operation was their use of dual-domain deception. Victims received links to seemingly legitimate front-end domains, which the group called "advertise" domains. When such a page loaded, it silently embedded a second, hidden "system" domain inside an invisible browser frame. This technique kept the phishing content concealed from both victims and security tools: the address bar displayed the trusted-looking domain while the malicious content loaded quietly inside it.
This method effectively bypassed most browser security warnings, which typically evaluate the top-level page but not the embedded frames. From their Telegram channels, operators could monitor each victim in real time and push commands, steering them through fake login screens to capture additional credentials.
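A defender-side check for the dual-domain frame pattern described above, added here as an illustration and not taken from the report or from the group's code: it parses a fetched landing page and flags frames that load a different host than the page itself while being hidden (display/visibility/opacity tricks, zero size, or a borderless full-page overlay). The page URL, host names and HTML are constructed placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: a front ("advertise") domain whose page loads a second,
# hidden ("system") domain in a full-page, fully transparent frame.
SAMPLE_PAGE_URL = "https://advertise-domain.example/login"   # placeholder
SAMPLE_HTML = """
<html><body>
<h1>Carrier portal</h1>
<iframe src="https://system-domain.example/portal/"
        style="position:absolute;top:0;left:0;width:100%;height:100%;border:0;opacity:0"></iframe>
<iframe src="/help" width="300" height="200"></iframe>
<iframe src="https://cdn.example/widget" style="display:none"></iframe>
</body></html>
"""

# Inline-style patterns that make a frame invisible to the user.
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden|opacity\s*:\s*0(?!\.)", re.I)
# A frame covering the whole viewport, so the embedded page looks like the top-level page.
FULL_OVERLAY = re.compile(r"width\s*:\s*100%.*height\s*:\s*100%", re.I | re.S)


class FrameCollector(HTMLParser):
    """Collects the attributes of every <iframe>/<frame> in the document."""
    def __init__(self):
        super().__init__()
        self.frames = []

    def handle_starttag(self, tag, attrs):
        if tag in ("iframe", "frame"):
            self.frames.append({k: (v or "") for k, v in attrs})


def is_zero_size(attrs):
    return attrs.get("width", "").strip() in ("0", "0px") or attrs.get("height", "").strip() in ("0", "0px")


def find_hidden_cross_origin_frames(page_url, html):
    """Return frames whose src host differs from the page host and that are hidden."""
    page_host = urlparse(page_url).hostname
    parser = FrameCollector()
    parser.feed(html)
    findings = []
    for attrs in parser.frames:
        src = attrs.get("src", "")
        host = urlparse(src).hostname
        if not host or host == page_host:
            continue  # relative or same-host frame: not the dual-domain pattern
        style = attrs.get("style", "")
        reasons = []
        if HIDDEN_STYLE.search(style):
            reasons.append("hidden-style")
        if FULL_OVERLAY.search(style):
            reasons.append("full-page-overlay")
        if is_zero_size(attrs):
            reasons.append("zero-size")
        if reasons:
            findings.append({"src": src, "host": host, "reasons": reasons})
    return findings
```

Run against crawled or proxied landing pages, a non-empty result is a strong signal worth escalating, since legitimate sites rarely overlay an invisible third-party frame over a login page.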
The Scope of the Breach
The full extent of Diesel Vortex’s campaign was revealed through an exposed Git directory on a phishing server. This discovery included the group’s source code, victim database, internal communications, and future plans. A 36.6MB SQL dump from February 4, 2026, confirmed the operation’s scale:
– Stolen Credentials: 3,474 pairs, including 1,649 unique credentials.
– Unique Visitor IPs: 9,016.
– Phishing Domains: 52.
– Targeted Emails: 75,840.
– EFS Check Fraud Attempts: 35.
The compromised data extended beyond login credentials, encompassing shipment invoices and financial details. This information facilitated invoice fraud and double-brokering schemes, where cargo is secretly resold to other carriers, leaving the original carrier unpaid.
Implications for the Logistics Sector
The Diesel Vortex campaign underscores the growing vulnerability of the logistics sector to cyberattacks. According to the EU Agency for Cybersecurity (ENISA), the transportation sector is among the most frequently targeted across Europe, with ransomware, phishing, and supply-chain attacks posing persistent challenges. In 2025, transport ranked among the top three sectors targeted by hacktivist activity, trailing public administration but ahead of finance.
The logistics industry’s reliance on digital platforms for operations, coupled with the involvement of multiple external partners, widens the attack surface. Many companies operate legacy IT systems with limited cyber defenses, making them attractive targets for cybercriminals.
Recommendations for Mitigation
To defend against rising cyber threats, logistics businesses should prioritize:
1. Cyber Hygiene and Training:
– Train all staff, including drivers and depot staff, on phishing scams, suspicious activity, and data handling.
– Promote the use of strong passwords and two-factor authentication for all logins.
2. Third-Party Risk Assessments:
– Audit and vet all software and service providers for their cybersecurity protocols.
– Demand cyber resilience plans from partners and ensure contracts include data protection clauses.
3. Regular Backups and Patch Management:
– Ensure critical systems are backed up regularly and stored offline.
– Keep all software, including fleet management tools and onboard devices, updated with the latest security patches.
4. Network Segmentation:
– Segment internal networks to isolate critical systems such as routing, telematics, and finance functions.
– Limit access permissions based on role, especially for remote workers and contractors.
Implementing these measures can significantly reduce the risk of cyberattacks and enhance the resilience of logistics operations.
Conclusion
The Diesel Vortex campaign serves as a stark reminder of the evolving cyber threats facing the logistics sector. As cybercriminals employ increasingly sophisticated techniques, it is imperative for companies to bolster their cybersecurity defenses, conduct regular risk assessments, and foster a culture of security awareness among employees. Proactive measures and vigilance are essential to safeguard the integrity and reliability of global logistics networks.