Analyzing the Recent Smishing Campaign Through Compromised Cell Routers in Europe

Recent cyberattacks have exploited vulnerabilities in Milesight industrial cellular routers to launch smishing campaigns that have affected European users since early 2022.

The Emergence of Router-Based Smishing Tactics

In a sophisticated turn of events, threat actors have identified industrial routers, notably those manufactured by Milesight, as efficient tools for distributing smishing attacks. These devices, integral to the operation of various cellular networks, have been compromised and manipulated to send out a plethora of deceptive SMS messages. By embedding malicious payloads within these messages, perpetrators can reach a broad audience under a cloak of legitimacy often granted to router-sourced communications. This method proves especially insidious as it circumvents traditional phishing defenses, which are less attuned to scrutinize cellular protocols and router-generated traffic.

  • Compromise of trusted router devices to issue SMS-based phishing
  • Use of legitimate cellular network infrastructure to bypass security measures
  • Exploitation of the volume capability of industrial routers for mass targeting

Operational Details of the Smishing Attacks

The mechanics of the recent smishing campaign are sophisticated yet alarmingly direct. Malicious actors identified and exploited vulnerabilities within the Milesight router’s API, allowing them to latch onto its SMS sending capabilities. Once access was attained, attackers initiated a series of phishing texts designed to deceive recipients into divulging personal information or installing malware.

  • The attack selectively targeted individuals across Sweden, Italy, and additional European regions, exhibiting a pattern favoring numbers linked to specific service providers known for lax security protocols.
  • Messages typically masqueraded as alerts from legitimate institutions, urging immediate action and luring victims to fraudulent websites.
  • Patterns show a preference for timing attacks to coincide with local peak hours of smartphone usage, optimizing the likelihood of victim response.

Countering the Smishing Menace

  • Cybersecurity professionals must employ network monitoring tools that recognize anomalous behavior indicative of router exploitation, such as suspicious outbound traffic patterns and irregular login attempts.
  • Implementing robust firewall rules that specifically block unauthorized access to router management interfaces can prevent attackers from compromising router settings.
  • Organizations should work collaboratively with telecom operators to trace the source of smishing messages and block the SIM cards used for such activities.
  • Upgrading firmware on devices, like Milesight routers, helps patch known vulnerabilities that could be exploited by attackers to send smishing messages.
  • End-users should be educated about the dangers of smishing and the importance of not clicking on unsolicited links, even if they look legitimate.
  • Users should be encouraged to use two-factor authentication (2FA) as an additional security layer that protects their accounts from compromise even if they fall victim to smishing.
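
The monitoring and management-access points above can be turned into a small detection pass over router events. The following is an added example, not code from the article or from Milesight: the event schema, router names, allowlisted subnet and thresholds are all constructed assumptions, and a real deployment would feed it from its own log pipeline.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumed policy values (not from the article); tune per deployment.
MGMT_ALLOWLIST = [ip_network("10.20.0.0/24")]  # constructed admin subnet
WINDOW = timedelta(minutes=10)
FAIL_LIMIT = 3   # failed logins tolerated per source within WINDOW
SMS_LIMIT = 5    # outbound SMS tolerated per router within WINDOW

# Constructed events in a hypothetical normalized schema (not a vendor format):
# "<ISO time> <router> <event> <source IP or -> <detail>"
SAMPLE = (
    [f"2025-10-01T08:00:{s:02d} rtr-01 login_fail 203.0.113.7 admin"
     for s in (5, 9, 12, 15)]
    + ["2025-10-01T08:01:00 rtr-01 login_ok 203.0.113.7 admin"]
    + [f"2025-10-01T08:0{m}:00 rtr-01 sms_out - dest-{m:03d}" for m in range(2, 8)]
    + ["2025-10-01T09:00:00 rtr-02 login_ok 10.20.0.15 admin",
       "2025-10-01T09:05:00 rtr-02 sms_out - dest-100"]
)

def over_limit(window, ts, limit):
    """Add ts, drop entries older than WINDOW, report whether limit is exceeded."""
    window.append(ts)
    while ts - window[0] > WINDOW:
        window.popleft()
    return len(window) > limit

def detect(lines):
    """Return de-duplicated (router, alert, subject) tuples in first-seen order."""
    alerts, fails, sms = {}, defaultdict(deque), defaultdict(deque)
    for line in lines:
        ts, router, event, src, _detail = line.split(maxsplit=4)
        ts = datetime.fromisoformat(ts)
        if event in ("login_fail", "login_ok"):
            # Any management login from outside the admin subnet is reported.
            if not any(ip_address(src) in net for net in MGMT_ALLOWLIST):
                alerts[(router, "mgmt_login_outside_allowlist", src)] = ts
            if event == "login_fail" and over_limit(fails[router, src], ts, FAIL_LIMIT):
                alerts[(router, "login_failure_burst", src)] = ts
        elif event == "sms_out" and over_limit(sms[router], ts, SMS_LIMIT):
            alerts[(router, "sms_volume_burst", router)] = ts
    return list(alerts)

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

On the constructed sample, rtr-01 raises all three alerts while rtr-02, which is managed from the allowlisted subnet and sends a single message, raises none.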

  • The recent smishing campaign exploiting Milesight routers captures the essential vulnerabilities within IoT (Internet of Things) and industrial devices, which can become gateways for wider network infiltration.
  • Vulnerabilities in these devices underscore the need for ongoing security assurance, including regular updates and patches, rigorous testing, and proactive threat detection mechanisms.
  • Manufacturers and users must prioritize the integration of robust security features at the development phase, factoring in strong encryption methods, authentication protocols, and secure firmware update processes.
  • This incident is a stark reminder of the cascading effects of IoT vulnerabilities, where one weak link can compromise critical infrastructure and erode public trust in connected technologies.
  • It further emphasizes the importance of cybersecurity collaboration among stakeholders, sharing threat intelligence, and adopting industry-wide best practices to fortify the cybersecurity infrastructure against evolving threats.

Conclusions

In conclusion, the exploitation of cellular routers signifies a worrying trend in cybercrime. Cybersecurity professionals must adapt rapidly to protect infrastructure and end-users from sophisticated smishing attacks.

Source: https://thehackernews.com/2025/10/hackers-exploit-milesight-routers-to.html
