Cybercriminals are increasingly targeting trucking and logistics companies, aiming to infect them with remote monitoring and management (RMM) software to steal cargo. This ongoing threat, tracked since June 2025 by Proofpoint, involves collaboration with organized crime, focusing mainly on food and beverage products. The attackers hijack email accounts and use spear-phishing tactics to infiltrate companies, often posting fraudulent freight listings on load boards to lure carriers into clicking malicious links. Once the attackers gain access, they deploy legitimate RMM tools like ScreenConnect and PDQ Connect, which allow them to operate undetected within the companies' networks. They conduct reconnaissance, harvest credentials, and in at least one incident, manipulated the dispatch system. By deleting existing bookings and adding their own devices to the dispatcher's extension, they booked loads under compromised accounts. Since August 2025, up to two dozen campaigns have targeted various transportation entities, from small family-owned businesses to large firms, showing a broad and opportunistic approach to exploitation. The use of RMM software provides attackers with a significant advantage. These tools are common in enterprise environments, making them less likely to raise red flags with security systems. Attackers can create and distribute these tools easily, exploiting their legitimacy to evade detection. This method not only streamlines their operations but also reduces the chances of being caught.