Inside “Diesel Vortex”: How a Russian-Armenian Cybercrime Syndicate Hijacked Western Freight
Subtitle: An elaborate phishing operation breached U.S. and European cargo chains, exposing the growing digital threat to global logistics.
On a quiet Wednesday in spring, a cybersecurity researcher stumbled upon a digital breadcrumb-an exposed .git directory on a suspicious website. What followed would unravel a sprawling cybercrime operation that had, for months, silently siphoned secrets from the very arteries of Western commerce: the freight and logistics industry.
The hackers, known as “Diesel Vortex,” were anything but amateurs. For five months, they infiltrated platforms vital to the movement of goods-load boards, fleet management systems, and fuel card portals-posing as legitimate carriers and brokers. Their prize: login credentials that granted access to shipping schedules, cargo values, and the ability to reroute or steal entire freight loads.
Researchers from Have I Been Squatted, a domain protection group, pieced together the syndicate’s playbook after discovering the exposed codebase. The files revealed not just technical blueprints but also internal chats-some in Armenian-where operators discussed targeting high-value cargo and coordinated “double-brokering” scams. In these schemes, a criminal books a load under a stolen identity, then reassigns it, masking their tracks and making recovery nearly impossible.
The scale and professionalism stunned investigators. The operation included a structured hierarchy, a call center, mail support, and dedicated roles for communicating with drivers and industry contacts. Their phishing-as-a-service platform, branded “MC Profit Always,” was poised to let other criminals rent the tools needed to exploit the logistics sector.
Technical analysis tied the infrastructure to Russian-registered domains and corporate records linked to Russian businesses in warehousing and transport. Meanwhile, chats referenced Yerevan, Armenia, and included Armenian-language exchanges about lucrative targets. The multinational flavor of the group reflects the increasingly global nature of cybercrime.
With support from cybersecurity giants like Google, Cloudflare, and GitLab, the operation’s infrastructure was ultimately dismantled. But the damage was done: stolen credentials, diverted cargo, and a chilling demonstration of just how vulnerable the digital backbone of global trade has become.
As lawmakers scramble to respond-most recently with the proposed Combatting Organized Retail Crime Act-security experts warn that the freight industry’s digital transformation is a double-edged sword. While efficiency soars, so too does exposure to sophisticated, international cybercriminals. “Diesel Vortex” is almost certainly not the last of its kind.
In the high-stakes world of logistics, trust is currency-and, as this case proves, a single compromised password can cost millions. The freight industry may move the world, but now it must learn to defend itself in the shadowy lanes of cyberspace.
WIKICROOK
- Phishing: Phishing is a cybercrime where attackers send fake messages to trick users into revealing sensitive data or clicking malicious links.
- .git directory: The .git directory is a hidden folder used by Git to track changes and store a project’s complete version history and configuration.
- Double: Double extortion is a cyberattack where criminals both encrypt and steal data, threatening to leak it unless the victim pays a ransom.
- Phishing: Phishing is a cybercrime where attackers send fake messages to trick users into revealing sensitive data or clicking malicious links.
- Credential theft: Credential theft occurs when hackers steal usernames and passwords, often via phishing or data breaches, to illegally access online accounts.




