Milesight industrial cellular router smishing campaign in Europe
Campaign
Summary
The Milesight industrial cellular router smishing operation has kept sending malicious SMS messages to European users since at least February 2022, extending phishing risk across multiple countries. The abuse matters because the messages are delivered through exposed router APIs, letting attackers scale distribution and complicate takedown efforts. SEKOIA said the activity has mainly hit Sweden, Italy, and Belgium, and some lures impersonate government, banking, postal, and telecom brands. The operation is also linked to a now-patched CVE-2023-43261 flaw and to devices that expose SMS functions without authentication.
Related Happenings
Wonderland Android SMS stealer activity targeting Uzbekistan
Malware Activity
First: 22.12.2025 08:11
Last: 22.12.2025 08:11
Sources 1
About this happening:
The **Wonderland** Android SMS stealer is being spread through **malicious droppers** in attacks targeting **users in Uzbekistan**, enabling **SMS and OTP theft** and bank-card fr...
Milesight industrial cellular routers information disclosure flaw (CVE-2023-43261)
Vulnerability
First: 01.10.2025 14:07
Last: 01.10.2025 14:07
Sources 1
How related:
It's believed the attackers are exploiting a now-patched information disclosure flaw impacting Milesight routers (CVE-2023-43261, CVSS score: 7.5), which was disclosed by security researcher Bipin Jitiya exactly two years ago.
About this happening:
Attackers are exploiting **Milesight industrial cellular routers** through **CVE-2023-43261**, a now-patched **information disclosure flaw** that exposes **SMS-related APIs** on s...
Timeline
01.10.2025 14:07 2 articles · 7mo ago
SEKOIA details Milesight router smishing campaign
Campaign Scope Update
SEKOIA attributes a smishing campaign to unknown threat actors abusing Milesight industrial cellular routers to send malicious SMS messages to users in European countries, with primary targeting in Sweden, Italy, and Belgium. The activity uses exposed inbox and outbox APIs, and is believed to rely on a now-patched information disclosure flaw, CVE-2023-43261, while some routers expose SMS features such as sending messages or viewing SMS history without authentication. The phishing lures use typosquatted URLs that impersonate services such as CSAM and eBox, and the operators appear focused on SMS delivery rather than installing backdoors or exploiting other device vulnerabilities.
Sources:
- Hackers Exploit Milesight Routers to Send Phishing SMS to European Users — thehackernews.com — 01.10.2025 14:07