Hackers earning millions from hijacked cargo, FBI says

Almost $725 million worth of cargo was stolen in the U.S. and Canada last year, much of which was fueled by a new wave of attacks where cybercriminals impersonate companies and steal cargo shipments by rerouting deliveries.

In an advisory this week, FBI officials said cyber actors have spent the last two years breaking into the systems of brokers and carriers — allowing them to pose as victim companies and post fraudulent listings on freight delivery message boards.

The cybercriminals then trick the brokers and carriers to hand over goods after redirecting the packages from their intended destination. Cargo theft losses in 2025 skyrocketed by 60% compared to 2024 and the average value of each theft increased by 36%.

The FBI notice comes after months of grumbling within several industries about incidents where large, expensive cargo has been hijacked after hackers redirected shipments. A vape company lost $1 million worth of products last year in a hacking-hijacking incident, according to  Bloomberg.

A source who spoke on condition of anonymity told Recorded Future News that the attacks have become a major concern for car dealers. The person, who works at a New York car dealership, said multiple cars being shipped from overseas have been stolen over the last 16 months. 

In each incident hackers breached load boards — online marketplaces where truck owners, shippers and freight brokers post listings and claim jobs they can complete. 

The FBI echoed the source’s assessment, writing in Wednesday’s advisory that threat actors are impersonating and spoofing brokers over email, sending malicious links that eventually give them access to the brokers' or carriers' systems.

“Criminal threat actors access trucking load boards, where they impersonate brokers using compromised carrier accounts to post additional fake loads — sometimes in the tens of thousands,” the FBI said. 

“Legitimate carriers bid on the fake loads and contact the threat actors, who provide the malicious carrier broker agreement and compromise the carrier's computer systems.”

The hackers then pose as the compromised carrier and accept shipments posted to the load boards. In some cases the cybercriminals conduct a process called “double-brokering” where they add a stop on the delivery chain and have an unwitting driver transport a package to a location different than the end destination. From there the hackers pick up the stolen cargo. 

The FBI said it has even seen incidents where cybercriminals “change the legitimate carrier's contact information with the Federal Motor Carrier Safety Administration and update insurance information to permit loads the legitimate carrier previously did not accept.” 

Carriers that have been compromised often do not know they were breached until brokers contact them upset about missing cargo that was booked under their name. 

The FBI warned that some cybercriminals have stolen cargo and then reached out to brokers demanding a ransom for the stolen load. Victims have been contacted by cybercriminals through email and phone, with some incidents involving overseas phone numbers.