Hackers Exploit Milesight Routers to Send Phishing SMS to European Users
"Unknown threat actors are abusing Milesight industrial cellular routers to send SMS messages as part of a smishing campaign targeting users in European countries since at least February 2022. French cybersecurity company SEKOIA said the attackers are exploiting the cellular router's API to send malicious SMS messages containing phishing URLs, with the campaigns primarily targeting Sweden, Italy, and Belgium using typosquatted URLs that impersonate government platforms like CSAM and eBox, as well as banking, postal, and telecom providers."
"'Moreover, the API enables retrieval of both incoming and outgoing SMS messages, which indicates that the vulnerability has been actively exploited to disseminate malicious SMS campaigns since at least February 2022,' the company said. 'There is no evidence of any attempt to install backdoors or exploit other vulnerabilities on the device. This suggests a targeted approach, aligned specifically with the attacker's smishing operations.'"
"Of the 18,000 routers of this type accessible on the public internet, no less than 572 are assessed to be potentially vulnerable due to their exposing the inbox/outbox APIs. About half of the identified vulnerable routers are located in Europe. Further investigation has revealed that some of the industrial routers expose SMS-related features, including sending messages or viewing SMS history, without requiring any form of authentication."
Unknown threat actors have been abusing Milesight industrial cellular routers to send phishing SMS messages across European countries since at least February 2022. Attackers exploit the routers' SMS APIs to deliver typosquatted phishing URLs that impersonate government platforms, banks, postal services, and telecom providers, primarily targeting Sweden, Italy, and Belgium. Of roughly 18,000 routers of this type accessible on the public internet, 572 are assessed as potentially vulnerable because they expose the inbox/outbox APIs, and about half of those are located in Europe. The API also permits retrieval of incoming and outgoing SMS messages, which SEKOIA says indicates active exploitation since at least February 2022. The activity appears focused on smishing validation and delivery, with no evidence of attempts to install backdoors.
Read at The Hacker News