Cargo thieving hackers running sophisticated remote access campaigns, researchers find
ID: ab13832c-c230-525f-95f9-7cb69566d256
STIX ID: report--ab13832c-c230-525f-95f9-7cb69566d256
Feed Name: Proofpoint Blog
Proofpoint researchers monitored a coordinated campaign targeting load boards used by trucking and logistics firms. The attackers deploy multiple remote access tools, including several ScreenConnect instances, and use a "signing-as-a-service" capability to sign and re-sign installers and components so that they bypass certificate revocation. Compromised hosts are then searched for cryptocurrency wallets, PayPal/banking credentials, fuel card providers, and freight management systems, enabling large-scale cargo theft and broader financial fraud against mostly small carriers.
