Diesel Vortex: A Cyber Threat Targeting Freight and Logistics Industries
A recent investigation has unveiled a significant threat to the global logistics industry orchestrated by a group known as Diesel Vortex. This Armenian-speaking cybercriminal organization has employed a sophisticated phishing campaign targeting freight and logistics sectors across North America and Europe. By utilizing a network of typosquatted domains, Diesel Vortex has managed to harvest sensitive login credentials, compromising over 1,600 unique accounts from major freight platforms and logistics providers since its operational ramp-up in late 2025.
The campaign, which began in September 2025, involved the creation of 52 fraudulent domains designed to mimic legitimate login portals for employees at prominent industry players such as Penske Logistics, Girteka, and TIMOCOM. This deceptive strategy has allowed Diesel Vortex to successfully intercept thousands of credentials, posing a considerable risk to the supply chain and financial security of the organizations targeted.
Researchers at Have I Been Squatted played a crucial role in uncovering this operation. They stumbled upon an exposed repository associated with Diesel Vortex that contained a SQL database linked to a phishing toolkit named Global Profit. This toolkit was being marketed under the different name MC Profit Always to other criminals, indicating a level of collaboration and sharing of resources within the cybercriminal community. The leaked data provided valuable insights into the scope of the theft, revealing that nearly 3,500 credential pairs were collected, with approximately half being unique logins from critical industry service providers.
In addition, the investigation yielded Telegram webhook logs that recorded communications among the individuals managing the phishing infrastructure. This linguistic evidence led researchers to conclude that the group primarily consists of Armenian speakers, furthering the link to regional cybercrime networks. Interestingly, the technical setup of the campaign showed strong ties to Russian infrastructure, underscoring a sophisticated level of coordination and resource management within the Eastern European cybercriminal ecosystem.
This investigation into Diesel Vortex also involved collaborative efforts with the tokenization infrastructure provider Ctrl-Alt-Intel. By merging technical data with open-source intelligence, the researchers successfully mapped out connections between the phishing operators and the specific companies being targeted. This comprehensive tracking enabled the team to identify the full scope of the infrastructure used for these attacks and maintain oversight on how the stolen data was being organized and recycled back into the cybercriminal economy.
Despite the exposure of key elements of their operation, the Diesel Vortex campaign spotlights a persistent vulnerability within the logistics sector. Platforms like Teleroute and EFS have been identified as high-value targets, indicating that the logistics industry remains an enticing landscape for cybercriminals. The ability of Diesel Vortex to simultaneously operate dozens of fraudulent domains highlights the ongoing effectiveness of typosquatting as a primary attack vector in phishing schemes. As the logistics industry increasingly embraces digital transformation, the urgency for enhanced domain monitoring and improved credential security cannot be overstated.
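As an illustration of the domain monitoring called for above, the following added example (not code from the original research or from any tool named in the article) triages newly observed domains against protected brand labels. The brand strings are taken from companies the article names; the OWNED allowlist and every sample domain are constructed, and treating the last label as the public suffix is a simplifying assumption.

```python
# Added example: brand labels come from companies the article names; the
# OWNED allowlist and all sample domains are constructed (.example TLD).
BRANDS = ("penske", "girteka", "timocom", "teleroute")
OWNED = {"timocom.example", "girteka.example"}
FOLD = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})  # digit look-alikes

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def classify(domain):
    """Return (brand, reason) for a suspected squat, or None if it looks clean."""
    domain = domain.lower().rstrip(".")
    if any(domain == o or domain.endswith("." + o) for o in OWNED):
        return None  # the defender's own domain or a subdomain of it
    # Simplification: the last label is treated as the public suffix.
    for label in domain.split(".")[:-1]:
        folded = label.translate(FOLD)
        for brand in BRANDS:
            if brand in folded:
                # Brand visible as typed, or only after folding digits to letters.
                return brand, "combo" if brand in label else "homoglyph"
            if any(osa_distance(tok, brand) == 1 for tok in folded.split("-")):
                return brand, "typo"
    return None

def triage(domains):
    """Map each flagged domain to its (brand, reason) verdict."""
    return {d: v for d in domains if (v := classify(d))}

# Constructed sample feed, e.g. from certificate transparency or DNS logs.
SAMPLE = ["timocom.example", "tim0com-login.example", "girtekka.example",
          "pesnke.example", "portal.teleroute-sso.example", "weather.example"]

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE).items():
        print(name, verdict)
```

Flagged names are leads for review and takedown requests; a production monitor would resolve the registrable domain with a public suffix list instead of dropping only the final label.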
The ramifications of Diesel Vortex’s activities are significant, not only for the companies targeted but also for the entire freight and logistics ecosystem. These incidents raise critical questions about how companies can better secure their networks and protect sensitive data in an era where cyberattacks are becoming increasingly sophisticated and prevalent.
In summary, the revelation of Diesel Vortex’s phishing campaign serves as a stark reminder of the vulnerabilities inherent in the logistics sector. The operation has made clear that proactive security measures are essential in safeguarding businesses against the ever-evolving tactics of cybercriminals. It is imperative that organizations in the logistics and freight industries take heed of these findings and implement robust security protocols to thwart potential breaches as they advance into a more digital future.
For more information on the Diesel Vortex campaign and its implications for the logistics industry, one can refer to the original research detailed by Have I Been Squatted.
