FBI: FBI warns cyber-enabled cargo theft is surging as losses hit $725 million in 2025

FBI Warns of Surging Cyber-Enabled Cargo Theft, Losses Hit $725 Million in 2025

The FBI has issued a public alert warning of a sharp rise in cyber-enabled strategic cargo theft, with threat actors impersonating brokers and carriers to hijack and resell high-value shipments. In 2025, losses in the U.S. and Canada reached nearly $725 million a 60% year-over-year increase while confirmed incidents rose 18%, with the average theft value climbing 36% to $273,990.

Attackers gain access to logistics systems through phishing, spoofed emails, and compromised carrier accounts, then manipulate load boards by posting fraudulent listings or altering legitimate shipments. Once inside, they hijack identities, double-broker loads, and modify critical documents such as bills of lading and delivery addresses to reroute cargo. Some schemes culminate in ransom demands after shipments vanish.

The FBI detailed a multi-step operation, where threat actors first deploy remote access tools via malicious links, then flood load boards with fake listings while bidding on real shipments using stolen credentials. They sustain deception by altering carrier contact and insurance details, delaying detection until goods are stolen and resold.

Key warning signs include unauthorized shipment notifications, spoofed emails with slight domain variations, and requests to download documents from suspicious links. Compromised accounts may show unusual mailbox rules, such as auto-forwarding or hidden folders, while attackers often use short-lived VoIP numbers for communication.

The alert underscores the growing sophistication of cyber-enabled cargo theft, targeting transportation and logistics sectors with high-value, selective attacks.

Source: https://industrialcyber.co/transport/fbi-warns-cyber-enabled-cargo-theft-is-surging-as-losses-hit-725-million-in-2025/

Federal Bureau of Investigation (FBI) cybersecurity rating report: https://www.rankiteo.com/company/fbi

"id": "FBI1779517614",
"linkid": "fbi",
"type": "Cyber Attack",
"date": "5/2026",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"

{'affected_entities': [{'industry': 'Logistics/Transportation',
                        'location': ['U.S.', 'Canada'],
                        'type': 'Transportation and logistics companies'}],
 'attack_vector': ['Phishing',
                   'Spoofed emails',
                   'Compromised carrier accounts',
                   'Malicious links'],
 'data_breach': {'sensitivity_of_data': 'High (logistics and shipment data)',
                 'type_of_data_compromised': ['Carrier credentials',
                                              'Shipment details',
                                              'Bills of lading',
                                              'Delivery addresses']},
 'date_detected': '2025',
 'date_publicly_disclosed': '2025',
 'description': 'The FBI has issued a public alert warning of a sharp rise in '
                'cyber-enabled strategic cargo theft, where threat actors '
                'impersonate brokers and carriers to hijack and resell '
                'high-value shipments. Attackers gain access to logistics '
                'systems through phishing, spoofed emails, and compromised '
                'carrier accounts, then manipulate load boards by posting '
                'fraudulent listings or altering legitimate shipments. Once '
                'inside, they hijack identities, double-broker loads, and '
                'modify critical documents such as bills of lading and '
                'delivery addresses to reroute cargo. Some schemes culminate '
                'in ransom demands after shipments vanish.',
 'impact': {'financial_loss': '$725 million (2025, U.S. and Canada)',
            'identity_theft_risk': 'High (identity hijacking of '
                                   'brokers/carriers)',
            'operational_impact': 'Unauthorized rerouting of shipments, '
                                  'identity hijacking, double-brokering of '
                                  'loads',
            'systems_affected': ['Logistics systems', 'Load boards']},
 'initial_access_broker': {'backdoors_established': 'Remote access tools via '
                                                    'malicious links',
                           'entry_point': ['Phishing',
                                           'Spoofed emails',
                                           'Compromised carrier accounts'],
                           'high_value_targets': 'High-value shipments'},
 'investigation_status': 'Ongoing',
 'lessons_learned': 'Growing sophistication of cyber-enabled cargo theft, '
                    'targeting high-value shipments with selective attacks. '
                    'Key warning signs include unauthorized shipment '
                    'notifications, spoofed emails with slight domain '
                    'variations, and requests to download documents from '
                    'suspicious links.',
 'motivation': ['Financial gain', 'Resale of high-value shipments'],
 'post_incident_analysis': {'root_causes': ['Phishing',
                                            'Spoofed emails',
                                            'Compromised credentials',
                                            'Lack of multi-factor '
                                            'authentication']},
 'ransomware': {'ransom_demanded': 'Some cases'},
 'references': [{'date_accessed': '2025', 'source': 'FBI Public Alert'}],
 'response': {'communication_strategy': 'Public alert issued by FBI',
              'law_enforcement_notified': 'FBI'},
 'stakeholder_advisories': 'FBI alert to transportation and logistics sectors',
 'title': 'FBI Warns of Surging Cyber-Enabled Cargo Theft',
 'type': 'Cyber-Enabled Cargo Theft',
 'vulnerability_exploited': 'Compromised logistics systems and load boards'}