Cybercriminals are exploiting vulnerabilities in Milesight industrial cellular routers to send phishing SMS messages across Europe. The campaign, active since at least February 2022, leverages the routers' SMS functionality to distribute malicious links impersonating government services, banks, and telecom providers, primarily targeting users in Sweden, Italy, and Belgium.

Key Takeaways

• Milesight industrial cellular routers are being exploited to send phishing SMS messages.

• The attacks primarily target users in Sweden, Italy, and Belgium.

• Vulnerabilities, including unauthenticated API access, are being leveraged.

• The campaign has been ongoing since at least February 2022.

Exploitation of Router Vulnerabilities

Threat actors are abusing Milesight routers by exploiting their SMS-related APIs. While a previously disclosed information disclosure flaw (CVE-2023-43261) may have been used, many routers are also found to expose these SMS features without requiring any authentication. This allows attackers to send messages and retrieve SMS history, facilitating large-scale smishing operations.

Smishing Campaign Details

The smishing campaigns distribute phishing URLs that often contain JavaScript to detect mobile devices before serving malicious content. These pages typically urge users to update banking information. Some domains used in the campaign have employed techniques to hinder analysis, such as disabling right-click actions and browser debugging tools. The operation appears to be specifically focused on smishing, with no evidence of attempts to install backdoors or exploit other device vulnerabilities.

Scope and Impact

Security researchers estimate that out of approximately 19,000 Milesight routers accessible online, at least 572 are potentially vulnerable due to exposed SMS APIs. A significant portion of these vulnerable devices are located in Europe. The attackers' method of using routers allows for decentralized SMS distribution across multiple countries, complicating detection and takedown efforts. The campaign has been observed sending mass messages to tens of thousands of numbers in Sweden and Italy, alongside targeted campaigns in Belgium and France impersonating various services.

As cyber threats become increasingly sophisticated, your security strategy must evolve to keep pace. BetterWorld Technology offers adaptive cybersecurity solutions that grow with the threat landscape, helping your business stay secure while continuing to innovate. Reach out today to schedule your personalized consultation.

Sources

• Hackers Exploit Milesight Routers to Send Phishing SMS to European Users, The Hacker News.

• Risky Bulletin: Router APIs abused to send SMS spam waves, Risky Biz.

• Hackers Use Cellular Router API to Send Malicious SMS with Weaponized Links, GBHackers News.