
Diesel Vortex: phishing-as-a-service that hit DAT Truckstop, EFS, Penske Logistics and Timocom

By James Miller
5 min read
News
March 19, 2026

Summary of the breach and immediate logistics implications

A Russian-linked phishing-as-a-service group known as Diesel Vortex harvested 1,649 unique credentials from freight and logistics platforms, using a 36.6MB SQL dump and a multi-domain phishing architecture to target brokers, carriers and fuel-card users.

How the operation worked

Diesel Vortex ran between September 2025 and February (reported over several months) and deployed a tailored toolkit built for the freight sector rather than a generic phishing kit. The operation included:

  • Dedicated phishing domains: 52 domains tied to load boards, fleet portals and fuel-card systems.
  • Dual-domain evasion: an “advertise” domain visible to victims and a hidden “system” domain that loaded phishing content inside iframes to reduce detection.
  • Real-time interception: capture of multi-factor authentication (MFA) codes and credential flows via a Telegram-based console controlling victim sessions.
  • Phishing-as-a-service model: internally branded as “GlobalProfit,” indicating potential resale or wider distribution to other cybercriminals.

Platforms and scope

The stolen logins were tied to freight-focused services, including DAT Truckstop, Penske Logistics, Electronic Funds Source (EFS) and Timocom. Researchers counted 3,474 stolen login pairs, from which the 1,649 unique credentials were identified. The exposed database also listed 75,000 targeted contact emails and 35 confirmed EFS check fraud attempts.

Technical findings: what gave investigators the edge

A crucial investigative breakthrough came when analysts found an exposed .git directory on one of Diesel Vortex’s phishing domains. That leak allowed reconstruction of source code and recovery of the SQL dump dated Feb. 4, revealing operational details and the full scope of targeted entities.

Attack mechanics in practical terms

Diesel Vortex operators executed a multi-step funnel:

  1. Target identification via thousands of harvested emails.
  2. Phishing landing pages mimicking freight portals and fuel-card interfaces.
  3. Real-time capture of credentials and MFA codes through iframe-driven pages and voice/email social engineering.
  4. Control of captured sessions through Telegram, enabling live steering into secondary credential capture modules.

Risk profile for logistics firms

For logistics operators, the immediate risks include double-brokering, unauthorized fuel purchases, diversion of payments, and fraudulent check attempts. A compromised broker or carrier account can lead to rapid downstream disruptions: misrouted loads, unpaid carriers, and exposure of PII for drivers and shippers.

Table — Direct impacts and potential consequences

| Compromised asset | Immediate impact | Supply-chain consequence |
| --- | --- | --- |
| Load board account | Fake load postings, double-brokering | Delays, disputed freight, revenue loss |
| Fuel card portal (EFS) | Unauthorized fuel charges, check fraud | Operational cost spikes, cashflow disruption |
| Fleet portal | Access to driver info, route changes | Compliance risk, safety incidents |

Practical mitigation steps for carriers, brokers and shippers

Logistics teams should treat this as a wake-up call. A few no-nonsense actions that actually help:

  • Enforce stronger MFA: move away from SMS-based codes where possible and adopt app-based or hardware tokens.
  • Harden email gates: aggressive phishing filters, DMARC/DKIM/SPF enforcement and targeted training for staff with access to load boards or payment systems.
  • Monitor session anomalies: sudden IP changes, concurrent sessions and unusual command flows should trigger automated blocks.
  • Segment systems: separate fuel-card or payment credentials from load-board and CRM systems to limit lateral movement.
  • Incident playbook: establish an isolation and notification plan for when credentials are suspected of compromise.
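
The session-anomaly monitoring item in the list above, sketched as an added example that is not part of the original article: it flags a session that is reused from a different IP address and a new login that overlaps a live session from another address, the two patterns a relayed login would produce. The event layout, the 30-minute idle window and every sample value are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not data from the incident):
# (timestamp, account, session id, source IP, event type)
EVENTS = [
    ("2026-01-10T09:00:00", "dispatch@carrier.example", "s1", "198.51.100.10", "login"),
    ("2026-01-10T09:02:10", "dispatch@carrier.example", "s1", "198.51.100.10", "request"),
    ("2026-01-10T09:03:05", "dispatch@carrier.example", "s1", "203.0.113.77", "request"),
    ("2026-01-10T09:04:00", "dispatch@carrier.example", "s2", "203.0.113.77", "login"),
    ("2026-01-10T10:00:00", "broker@freight.example", "s3", "192.0.2.5", "login"),
    ("2026-01-10T10:20:00", "broker@freight.example", "s3", "192.0.2.5", "logout"),
    ("2026-01-10T11:00:00", "broker@freight.example", "s4", "192.0.2.5", "login"),
]

IDLE = timedelta(minutes=30)  # assumed: a session counts as live until idle this long


def detect(events):
    """Return (rule, account, session id) alerts for the two anomalies."""
    issued_ip = {}            # session id -> IP the session was first seen from
    live = defaultdict(dict)  # account -> {session id: time of last activity}
    alerts = []
    for ts, account, sid, ip, kind in sorted(events):
        now = datetime.fromisoformat(ts)
        # Rule 1: an existing session shows up from a different address.
        # Fires on every event from the other address; dedupe downstream.
        if issued_ip.setdefault(sid, ip) != ip:
            alerts.append(("ip_change", account, sid))
        sessions = live[account]
        # Forget sessions that have been idle longer than the window.
        for old in [s for s, seen in sessions.items() if now - seen > IDLE]:
            del sessions[old]
        if kind == "logout":
            sessions.pop(sid, None)
            continue
        # Rule 2: a login while another session of the same account,
        # issued to a different address, is still live.
        if kind == "login" and any(issued_ip[s] != ip for s in sessions if s != sid):
            alerts.append(("concurrent_session", account, sid))
        sessions[sid] = now
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

In production the alerts would feed whatever revokes the session or forces re-authentication; that response step is outside this sketch.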

A word from someone who’s lived it

I once saw a small broker get hit by a credential compromise that rerouted three big loads in one afternoon—chaos on the docks and a week of phone calls. It’s a cliché but true: an ounce of prevention beats a ton of paperwork later.

Operational lessons for transport managers

Diesel Vortex shows the cybercriminal economy is tailoring tools to the freight industry. That specialization raises the odds of targeted attacks succeeding unless logistics providers adopt sector-specific defenses. Security is no longer just an IT problem; it’s a core operations issue impacting scheduling, payments and contractual obligations.

Checklist for quick audit

  • Inventory all third-party platforms and who has access.
  • Rotate shared credentials and remove dormant accounts.
  • Require MFA and log MFA lifetimes.
  • Run phishing simulations tied to real supplier and carrier messaging.
  • Ensure backup communications channels for drivers and dispatchers.

Highlights: This episode underscores how threat actors build logistics-specific phishing tools, the tangible consequences for freight operations, and the necessity of layered defenses. Yet even the most detailed reviews and the most honest feedback can’t replace hands-on experience; testing defenses in your own environment is essential. On GetTransport.com, you can order your cargo transportation at the best prices globally. This empowers you to make the most informed decision without unnecessary expenses or disappointments. Start planning your next delivery and secure your cargo with GetTransport.com. Book now at GetTransport.com.

In short, the Diesel Vortex campaign demonstrates that credential theft can quickly morph into operational and financial losses across freight, shipping and fuel services. For logistics teams, the path forward combines technical hardening, personnel training and operational contingency planning. Platforms that simplify transport procurement while offering transparency—such as GetTransport.com—can help firms find reliable, cost-effective options for household and office moves, bulky goods, vehicle transport, and commercial cargo. Ultimately, integrating cyber hygiene into the logistics playbook reduces the chances that a single compromised login will cascade into missed deliveries, disputed freight or damaged reputations.