Hackers use RMM tools to breach freighters and steal cargo shipments

Threat actors are targeting freight brokers and trucking carriers with malicious links and emails to deploy remote monitoring and management tools (RMMs) that enable them to hijack cargo and steal physical goods.

The attacker’s primary goal is to install RMMs like ScreenConnect, SimpleHelp, PDQ Connect, Fleetdeck, N-able, and LogMeIn Resolve on the target companies’ systems, which give them full remote control, reconnaissance, and credential harvesting capabilities.

By means of these tools, which are legitimate software, the attacker can control the compromised machine and can modify bookings, block dispatcher notifications, add their own devices to dispatcher phone extensions, and book loads under the compromised carrier’s identity.

“Once initial access is established, the threat actor conducts system and network reconnaissance and deploys credential harvesting tools such as WebBrowserPassView,” the researchers say.

To read the complete article see: Full Article.