Major Cyber Attacks Targeting Transportation & Logistics Industry

The transportation and logistics industry is increasingly targeted by cybercriminals as they exploit vulnerabilities to disrupt operations and steal sensitive data. Major incidents include ransomware attacks affecting ports and airports, along with data breaches that raise severe concerns about data security within the sector.

Affected: transportation and logistics industry, public infrastructure, cybersecurity sector

Key points:

  • The transportation and logistics sector is a major target for cybercriminals due to valuable data.
  • 64.33% of cyber threats are aimed at disrupting supply chains.
  • The U.S. is the most targeted country, followed by Ukraine.
  • Common threats include ransomware, data breaches, and cyber vandalism.
  • Real-world incidents disrupt operations and compromise sensitive data.
  • Recent attacks on facilities such as Nagoya Port and Seattle-Tacoma Airport illustrate the escalating threat.
  • Ransomware groups such as LockBit and Akira have made headlines with major attacks.
  • Cybersecurity incidents are impacting both public services and private logistics firms.
  • Ongoing monitoring of the dark web is crucial to protect sensitive data.

MITRE Techniques:

  • Ransomware (T1486) – Attackers encrypt critical systems and demand a ransom to restore access, as seen in the Nagoya Port and Seattle-Tacoma Airport incidents.
  • Data Exfiltration (T1041) – Cybercriminals steal sensitive data during attacks, evidenced by the exposures at DP World and in the ORBCOMM incident.
  • Credential Dumping (T1003) – Attackers exploit weak passwords to gain unauthorized access, as demonstrated by the Akira group’s attack on KNP Logistics.
  • External Remote Services (T1133) – Attackers use remote services to maintain persistent access to targeted systems, highlighted in the TfL cyberattack.
  • Web Service Exploitation (T1498) – Attackers target logistics-related websites for phishing or credential leaks, documented in supply chain data threats.

Indicators of Compromise:



Full Story: https://socradar.io/major-cyber-attacks-transportation-logistics-industry/