Diesel Vortex Phishing Campaign Hits Freight & Logistics Firms Across US and Europe
Financially motivated threat group 'Diesel Vortex' targets freight and logistics operators with 52 phishing domains, stealing credentials in ongoing attacks.
Diesel Vortex Phishing Campaign Targets Global Freight and Logistics Sector
A financially motivated threat group tracked as Diesel Vortex is conducting a large-scale phishing campaign targeting freight and logistics operators across the United States and Europe, according to security researchers. The campaign leverages 52 malicious domains to harvest credentials from organizations in the transportation and supply chain sectors.
Campaign Overview and Technical Details
The Diesel Vortex group has been active since at least early 2024, with a focus on compromising corporate credentials through spear-phishing emails. The threat actors use typosquatting domains—such as those mimicking legitimate logistics platforms—to deceive employees into entering login credentials on fake login portals.
Key technical details include:
- 52 domains registered under the campaign, many using logistics-related keywords (e.g., freight-portal[.]com, logistics-auth[.]net).
- Phishing emails impersonate trusted partners, such as shipping providers or customs agencies, to increase credibility.
- Credential harvesting pages are designed to closely resemble legitimate login portals, often hosted on compromised or bulletproof hosting services.
- No known CVE exploits have been linked to the campaign; attacks rely on social engineering rather than software vulnerabilities.
Impact and Motivations
The campaign appears financially motivated, with stolen credentials likely used for:
- Business Email Compromise (BEC) attacks to redirect payments or sensitive shipments.
- Supply chain fraud, including invoice manipulation or cargo theft.
- Espionage or further lateral movement within compromised networks.
Freight and logistics firms are high-value targets due to their complex supply chains, frequent financial transactions, and reliance on third-party vendors—making them particularly vulnerable to phishing and BEC schemes.
Recommendations for Organizations
Security teams in the freight and logistics sectors should take the following steps to mitigate risks:
- Domain Monitoring and Blocking
  - Deploy DNS filtering to block known malicious domains associated with Diesel Vortex.
  - Monitor for newly registered domains using logistics-related keywords.
- Employee Training and Awareness
  - Conduct phishing simulation exercises to improve detection of fake login portals.
  - Emphasize verification protocols for payment requests or credential submissions.
- Multi-Factor Authentication (MFA)
  - Enforce MFA for all corporate accounts, particularly email and financial systems.
  - Prioritize phishing-resistant MFA (e.g., FIDO2 security keys) for high-risk roles.
- Email Security Enhancements
  - Implement DMARC, DKIM, and SPF to prevent email spoofing.
  - Use advanced threat protection (ATP) solutions to detect and quarantine phishing emails.
- Incident Response Preparedness
  - Develop and test playbooks for credential compromise scenarios.
  - Monitor for unusual login attempts or access from unfamiliar geolocations.
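As an added example (not code from the report or the researchers), the domain-monitoring recommendation above can be turned into a small triage script: it scores each newly registered domain against the organization's own logistics portals for lookalikes and flags registrations carrying logistics keywords. The legitimate domain list, the new-registration feed and the 0.85 similarity threshold are constructed assumptions.

```python
from difflib import SequenceMatcher

# Constructed sample: logistics portals the organization legitimately uses.
LEGIT_DOMAINS = ["freightportal.com", "logisticsauth.net", "shipping-partner.com"]

# Keywords the campaign's domains tend to carry (per the report).
LOGISTICS_KEYWORDS = ("freight", "logistics", "cargo", "shipping", "customs")

# Constructed sample of a newly-registered-domains feed (not real indicators).
NEW_DOMAINS = [
    "freight-portal.com",
    "logistics-auth.net",
    "weather-daily.org",
    "freightport4l.com",
    "cargo-customs-login.biz",
]

def _core(domain):
    """Registrable label with TLD and hyphens removed and common
    digit-for-letter substitutions (0->o, 1->l, 3->e, 4->a, 5->s, 7->t) undone."""
    label = domain.lower().rsplit(".", 1)[0].split(".")[-1]
    label = label.replace("-", "")
    return label.translate(str.maketrans("013457", "oleast"))

def similarity(domain, legit):
    """Similarity of the normalised registrable labels, 0.0 to 1.0."""
    return SequenceMatcher(None, _core(domain), _core(legit)).ratio()

def assess(domain, threshold=0.85):
    """Return (verdict, reason) for one newly registered domain.
    'block' = lookalike of a legitimate portal, 'review' = keyword hit only."""
    for legit in LEGIT_DOMAINS:
        if domain.lower() == legit:
            return ("ignore", "own domain")
        score = similarity(domain, legit)
        if score >= threshold:  # threshold is an assumed tuning value
            return ("block", f"lookalike of {legit} (similarity {score:.2f})")
    if any(k in domain.lower() for k in LOGISTICS_KEYWORDS):
        return ("review", "logistics keyword in new registration")
    return ("ignore", "no match")

def triage(domains):
    """Map every domain in a feed to its verdict and reason."""
    return {d: assess(d) for d in domains}

if __name__ == "__main__":
    for d, (verdict, reason) in triage(NEW_DOMAINS).items():
        print(f"{verdict:7} {d:28} {reason}")
```

Feed the output of the 'block' verdicts into DNS filtering and route 'review' hits to an analyst queue; the threshold should be tuned against the organization's own domain portfolio.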
Conclusion
The Diesel Vortex phishing campaign underscores the persistent threat posed by social engineering attacks to critical infrastructure sectors. Freight and logistics operators must adopt a defense-in-depth approach, combining technical controls, employee training, and proactive monitoring to mitigate risks. Security teams are advised to share indicators of compromise (IOCs) and collaborate with industry peers to disrupt the campaign’s infrastructure.
For a full list of IOCs, refer to the original report by BleepingComputer.