Shipping company credentials being shared on cybercrime underground


A cybercrime intelligence company has revealed that the cybercrime underground is flush with shipping companies’ credentials.

Over the past few months, Intel 471 has observed network access brokers selling credentials or other forms of access to shipping and logistics companies on the cybercrime underground. The companies whose credentials are being sold span air, ground, and maritime cargo transport.

Observations from the company included:

Within the span of two weeks in July 2021, one new user and one well-known access broker claimed to have access to a network owned by a Japanese container transportation and shipping company. The new user included the company’s credentials in a dump of 50 other companies.

In August 2021, one user known to work with groups that have deployed Conti ransomware claimed access to corporate networks belonging to a US-based transportation management and trucking software supplier and a US-based commodity transportation services company.

In September 2021, a user with ties to the FiveHands ransomware group claimed access to hundreds of companies, including a UK-based logistics company. Additionally, a new user claimed to have gained access to a Bangladesh-based shipping and logistics company.

In October 2021, a newcomer to a well-known cybercrime forum claimed access to the network of a US-based freight forwarding company, alleging that he had local administrator rights and could access 20 computers in the company’s network. Also in October, a newcomer on a different well-known cybercrime forum claimed access to a Malaysian logistics company.

Hong Kong-based ocean carrier Orient Overseas Container Line (OOCL) has become aware of a recent increase in fraudulent activities and has reminded its customers to stay vigilant to protect themselves against any potential financial loss and cyber risk.

In its latest customer service update, it stated that fraudsters could attempt to divert remittances through the unauthorised use of OOCL’s name in email correspondence, instructing the victim to change the payment receiving bank account number to one owned by the fraudster.
