Malware is added to e-mails that carry shipping documents as attachments. When such a document is opened, an alert pops up indicating that an updated version of a certain Acrobat application has to be downloaded.
A link is provided, and sometimes the ‘update’ is attached to the e-mail as well, with a recommendation that the user install it.
From that moment on, the virus takes a screenshot of the desktop every 30 seconds and sends it back to the criminal, who can in this way come across sensitive information such as the contents of specific sea containers.
The next step is to use the information observed to send letters to other companies. These letters can include instructions to pick up specific containers and deliver them to certain addresses.
Because the letters use authentic data, it is impossible to know whether a legitimate company has sent those instructions or not.
Immediately after the container arrives, the criminals empty it.
Local experts and police are still investigating these events and are not entirely sure whether the above is the exact working method of the criminals.
Dutch language news article:
http://www.security.nl/artikel/42131/1/%27Criminelen_stelen_containers_via_computervirus%27.html