Industrial Cellular Router Vulnerabilities Exploited in European Smishing Campaigns

Read Industrial Cellular Router Vulnerabilities Exploited in European Smishing Campaigns on RadioNOVO

Industrial Cellular Router Vulnerabilities Exploited in European Smishing Campaigns

Unknown threat actors have been exploiting vulnerabilities in Milesight industrial cellular routers to conduct a smishing campaign targeting users in European countries since February 2022. The attackers are using the routers' API to send malicious SMS messages containing phishing URLs, primarily targeting countries like Sweden, Italy, and Belgium. The vulnerable routers, numbering around 572 out of 18,000 accessible on the public internet, have been actively exploited to disseminate these malicious SMS campaigns.

The vulnerability in the Milesight routers, which was disclosed two years ago and has since been patched, allows threat actors to send and retrieve SMS messages without authentication. The attackers likely verify the routers' capability to send SMS messages by targeting phone numbers under their control. The phishing URLs distributed through this method contain JavaScript that prompts users to update their banking information for reimbursement, luring them into clicking on malicious links.

The attackers have been using typosquatted URLs that impersonate government platforms and financial institutions to deceive users into divulging sensitive information. The campaigns have been ongoing since early 2022, with the attackers exploiting the vulnerability in the routers to conduct smishing operations. The attackers have also taken measures to hinder analysis efforts by disabling right-click actions and browser debugging tools on the malicious pages.

SEKOIA, the French cybersecurity company that discovered the exploitation of Milesight routers, highlighted the decentralized SMS distribution capability of these devices, making them an attractive target for threat actors. The smishing campaigns conducted through these vulnerable routers serve as an effective delivery vector for the attackers, complicating detection and takedown efforts. The ongoing exploitation of these vulnerabilities underscores the importance of timely patching and securing industrial routers to prevent malicious activities.