This threat involves criminal enterprises conducting cyberattacks against shipping brokers and carriers to facilitate cargo theft. Attackers use phishing emails containing links to malware and remote access tools to compromise internal systems. They exploit compromised broker accounts to post fake freight listings on load boards, tricking legitimate carriers into downloading malware. Using stolen identities, attackers bid on real shipments and manipulate federal databases to update insurance and contact details, enhancing their legitimacy. Once contracts are won, they execute illegal double-brokering by hiring different drivers to pick up goods, which are then quickly resold or held for ransom. The FBI has provided indicators to help organizations detect such attacks.

Cargo theft losses exceeded $700 million in 2025, a 60% increase over the previous year, driven by cyber-enabled theft. The attacks compromise shipping brokers and carriers, resulting in stolen high-value goods, financial losses, and operational disruption. The threat actors' ability to manipulate federal databases and conduct double-brokering complicates detection and recovery efforts. There is no evidence of known exploits in the wild beyond these reported incidents, but the financial and operational impact on targeted companies is significant.

No official patch or fix is applicable as this threat involves social engineering and operational compromise rather than a software vulnerability. Organizations should monitor for FBI-provided indicators such as unauthorized shipment inquiries, suspicious email addresses, requests to download documents via shortened or spoofed links, and unauthorized email forwarding or auto-deletion rules. Enhancing email security controls, user awareness training focused on phishing, and verifying shipment requests through independent channels are recommended. The FBI alert serves as a key resource for detection and response guidance.