Phishing campaign targets freight and logistics orgs in the US, Europe
February 24, 2026 06:57 PM

• A financially motivated threat group dubbed “Diesel Vortex” is stealing credentials from freight and logistics operators in the U.S. and Europe in phishing attacks using 52 domains.
• In a campaign that has been running since September 2025, the threat actor has stolen 1,649 unique credentials from platforms and service providers critical in the freight industry.
• Some of the Diesel Vortex victims include DAT Truckstop, TIMOCOM, Teleroute, Penske Logistics, Girteka, and Electronic Funds Source (EFS).
• Researchers at the typosquatting monitoring platform Have I Been Squatted uncovered the campaign after finding an exposed repository containing an SQL database from a phishing project that the threat actor called Global Profit and marketed to other cybercriminals under the name MC Profit Always.
• The repository also included a file with Telegram webhook logs that revealed communications between the phishing service operators.

Article Summaries:

  • A threat group called “Diesel Vortex” has been running a phishing campaign against freight and logistics operators in the U.S. and Europe since September 2025. Using 52 domains, the attackers stole 1,649 unique credential pairs (about 3,500 in total) from platforms such as DAT Truckstop, TIMOCOM, Teleroute, Penske Logistics, Girteka and Electronic Funds Source. The campaign was uncovered when researchers at Have I Been Squatted found an exposed repository containing an SQL database and Telegram logs. Analysis suggests the actors are Armenian‑speaking and linked to Russian infrastructure. The phishing kit uses Cyrillic homoglyphs, Zoho SMTP, and Telegram bots to control the attack flow.
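The summary mentions Cyrillic homoglyphs; the following added example (not code from the article or from the researchers) shows one way a mail or proxy filter could flag words that mix Latin and Cyrillic letters and fold them to a Latin skeleton for brand matching. The summary does not say where the kit places homoglyphs, so the check runs over arbitrary text; the function names, the lookalike table and the sample lines are constructed for illustration.

```python
import re
import unicodedata

# Constructed subset of Cyrillic-to-Latin lookalikes; the full table is
# confusables.txt from Unicode TS #39.
CONFUSABLES = str.maketrans({
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
    "\u0455": "s", "\u0458": "j",
})

# Platforms the article names as targets, lower-cased.
WATCHLIST = {"timocom", "teleroute", "penske", "girteka", "truckstop"}


def scripts(token):
    """Return the set of scripts (first word of each Unicode name) in a token."""
    return {unicodedata.name(ch, "").split(" ", 1)[0] for ch in token if ch.isalpha()}


def skeleton(token):
    """Normalize, case-fold and replace known Cyrillic lookalikes with Latin."""
    return unicodedata.normalize("NFKC", token).casefold().translate(CONFUSABLES)


def find_homoglyph_tokens(text):
    """Return (token, skeleton, matched_brand_or_None) for each mixed-script word."""
    hits = []
    for token in re.findall(r"[^\W\d_]+", text):  # runs of Unicode letters
        # Only mixed Latin+Cyrillic words are suspicious; pure Cyrillic is normal text.
        if {"LATIN", "CYRILLIC"} <= scripts(token):
            folded = skeleton(token)
            brand = next((b for b in sorted(WATCHLIST) if b in folded), None)
            hits.append((token, folded, brand))
    return hits


# Constructed sample subject lines, not taken from the campaign.
SAMPLES = [
    "Action required: your tim\u043ec\u043em account",      # Cyrillic o in a brand
    "New load posted on T\u0435ler\u043eut\u0435",           # Cyrillic e and o
    "\u0433\u0440\u0443\u0437 \u0434\u043e\u0441\u0442\u0430\u0432\u043b\u0435\u043d",  # pure Cyrillic
    "Penske invoice attached",                              # pure Latin
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(ascii(line), "->", find_homoglyph_tokens(line))
```

A mixed-script word with no watchlist match is still returned with `None` as the brand, so it can be logged at lower severity.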
