Between 10 and 13 October 2025, DSV was reportedly hit by a cyberattack claimed by the ransomware group CoinbaseCartel. According to the cybercriminals, the attack involved unauthorised access to corporate systems and the theft of sensitive data. The specialist website ransomware.live reported that the attack affected 366 employees, 1,111 internal users, 79 third-party credentials and 159 external attack surfaces. DSV told Danish daily Finans that although it had been “mentioned externally”, its operations were not disrupted and its systems remain fully operational.
CoinbaseCartel emerged on 15 September 2025 and is known for adopting an attack model focused on data theft rather than encrypting systems. Unlike traditional ransomware, the group’s declared goal is to pressure victims through the threat of releasing confidential information. The case reflects a significant rise in cyberattacks across the logistics sector. According to a 2025 analysis by Maticmind’s Cyber Defense Center, serious incidents have risen by 48% over the past five years, from 12 in 2020 to an estimated 60 in 2025.
The structural characteristics of logistics amplify the sector’s vulnerability. Supply chains operate through interconnected digital networks linking manufacturers, freight forwarders and distributors, creating numerous access points that can be exploited by attackers. Gartner estimates that an average logistics operator manages over 1,200 active endpoints, up 40% since 2022. This is compounded by the widespread use of outdated operational technologies connected to the Internet without adequate security measures.
The economic impact of such attacks is substantial. The average cost of a large-scale cyber incident in the supply chain exceeded 20 million dollars in 2025, while global spending on cyber-related damages is expected to rise from 46 billion dollars in 2023 to 60 billion dollars by the end of 2025. Past episodes illustrate the scale of the threat: the NotPetya attack on Maersk in 2017 caused losses of 350 million dollars and more than 10 billion dollars in total damage to the global supply chain.
The evolution of threats is moving towards more targeted attacks. Operations conducted via third-party providers doubled in the first half of 2025, while the ransomware-as-a-service model has made intrusion techniques more accessible. The use of artificial intelligence in phishing and social engineering campaigns is further increasing the effectiveness of these operations.
An analysis by Socradar of stolen credential databases shows that the most affected companies in the logistics sector include FedEx (26.44%), UPS (24.86%), DHL (22.19%), Maersk (15.26%) and DSV (0.55% before the recent attack). Security authorities have also reported a rise in geopolitically motivated attacks attributed to groups linked to Russia, China, North Korea and Iran, with objectives ranging from industrial sabotage to the theft of strategic information.
