Milesight Routers Exploited in European Smishing Campaign
Summary
Unknown threat actors have been exploiting Milesight industrial cellular routers to send phishing SMS messages targeting users in European countries since at least February 2022. The campaign primarily targets Sweden, Italy, and Belgium, using typosquatted URLs that impersonate government platforms and various service providers. The attackers exploit an API vulnerability in the routers to send malicious SMS messages, with no evidence of backdoors or further exploitation on the devices. The vulnerability has been actively exploited to disseminate smishing campaigns, with about 572 of the 18,000 accessible routers potentially vulnerable. The attacks involve an initial validation phase to verify the router's SMS capabilities. The phishing URLs include JavaScript to check for mobile access and disable analysis tools.
Timeline
- 01.10.2025 14:07 (1 article): Smishing Campaign Targeting European Users via Milesight Routers Identified
  Unknown threat actors have been exploiting Milesight industrial cellular routers to send phishing SMS messages targeting users in European countries since at least February 2022. The campaign primarily targets Sweden, Italy, and Belgium, using typosquatted URLs that impersonate government platforms and various service providers. The attackers exploit an API vulnerability in the routers to send malicious SMS messages, with no evidence of backdoors or further exploitation on the devices. The phishing URLs include JavaScript to check for mobile access and disable analysis tools.
  Sources:
  - Hackers Exploit Milesight Routers to Send Phishing SMS to European Users — thehackernews.com — 01.10.2025 14:07
Information Snippets
- The campaign targets Sweden, Italy, and Belgium using typosquatted URLs that impersonate government and service provider platforms.
  First reported: 01.10.2025 14:07 (1 source, 1 article)
  - Hackers Exploit Milesight Routers to Send Phishing SMS to European Users — thehackernews.com — 01.10.2025 14:07
- The attackers exploit the cellular router's API to send malicious SMS messages.
  First reported: 01.10.2025 14:07 (1 source, 1 article)
  - Hackers Exploit Milesight Routers to Send Phishing SMS to European Users — thehackernews.com — 01.10.2025 14:07
- The vulnerability has been actively exploited since at least February 2022.
  First reported: 01.10.2025 14:07 (1 source, 1 article)
  - Hackers Exploit Milesight Routers to Send Phishing SMS to European Users — thehackernews.com — 01.10.2025 14:07
- The campaign does not involve backdoors or further exploitation on the devices.
  First reported: 01.10.2025 14:07 (1 source, 1 article)
  - Hackers Exploit Milesight Routers to Send Phishing SMS to European Users — thehackernews.com — 01.10.2025 14:07
- The attacks involve an initial validation phase to verify the router's SMS capabilities.
  First reported: 01.10.2025 14:07 (1 source, 1 article)
  - Hackers Exploit Milesight Routers to Send Phishing SMS to European Users — thehackernews.com — 01.10.2025 14:07
- The phishing URLs include JavaScript to check for mobile access and disable analysis tools.
  First reported: 01.10.2025 14:07 (1 source, 1 article)
  - Hackers Exploit Milesight Routers to Send Phishing SMS to European Users — thehackernews.com — 01.10.2025 14:07
- The vulnerability exploited is CVE-2023-43261, an information disclosure flaw in Milesight routers.
  First reported: 01.10.2025 14:07 (1 source, 1 article)
  - Hackers Exploit Milesight Routers to Send Phishing SMS to European Users — thehackernews.com — 01.10.2025 14:07
- The campaign uses domains that feature JavaScript to hinder analysis efforts and log visitor connections to a Telegram bot.
  First reported: 01.10.2025 14:07 (1 source, 1 article)
  - Hackers Exploit Milesight Routers to Send Phishing SMS to European Users — thehackernews.com — 01.10.2025 14:07