Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

Hackers Exploit Milesight Routers to Send Phishing SMS to European Users

The Hacker News by The Hacker News
October 1, 2025
Home Cybersecurity
Share on FacebookShare on Twitter


Oct 01, 2025Ravie LakshmananVulnerability / Malware

Unknown threat actors are abusing Milesight industrial cellular routers to send SMS messages as part of a smishing campaign targeting users in European countries since at least February 2022.

French cybersecurity company SEKOIA said the attackers are exploiting the cellular router’s API to send malicious SMS messages containing phishing URLs, with the campaigns primarily targeting Sweden, Italy, and Belgium using typosquatted URLs that impersonate government platforms like CSAM and eBox, as well as banking, postal, and telecom providers.

Of the 18,000 routers of this type accessible on the public internet, no less than 572 are assessed to be potentially vulnerable due to their exposing the inbox/outbox APIs. About half of the identified vulnerable routers are located in Europe.

DFIR Retainer Services

“Moreover, the API enables retrieval of both incoming and outgoing SMS messages, which indicates that the vulnerability has been actively exploited to disseminate malicious SMS campaigns since at least February 2022,” the company said. “There is no evidence of any attempt to install backdoors or exploit other vulnerabilities on the device. This suggests a targeted approach, aligned specifically with the attacker’s smishing operations.”

It’s believed the attackers are exploiting a now-patched information disclosure flaw impacting Milesight routers (CVE-2023-43261, CVSS score: 7.5), which was disclosed by security researcher Bipin Jitiya exactly two years ago. Weeks later, VulnCheck revealed that the vulnerability may have been weaponized in the wild shortly following public disclosure.

Further investigation has revealed that some of the industrial routers expose SMS-related features, including sending messages or viewing SMS history, without requiring any form of authentication.

The attacks likely involve an initial validation phase where the threat actors attempt to verify whether a given router can send SMS messages by targeting a phone number under their control. SEKOIA further noted that the API could also be publicly accessible due to misconfigurations, given that a couple of routers have been found running more recent firmware versions that are not susceptible to CVE-2023-43261.

The phishing URLs distributed using this method include JavaScript that checks whether the page is being accessed from a mobile device before serving the malicious content, which, in turn, urges users to update their banking information for purported reimbursement.

CIS Build Kits

What’s more, one of the domains used in the campaigns between January and April 2025 – jnsi[.]xyz – feature JavaScript code to disable right-click actions and browser debugging tools in an attempt to hinder analysis efforts. Some of the pages have also been found to log visitor connections to a Telegram bot named GroozaBot, which is operated by an actor named “Gro_oza,” who appears to speak both Arabic and French.

“The smishing campaigns appear to have been conducted through the exploitation of vulnerable cellular routers – a relatively unsophisticated, yet effective, delivery vector,” SEKOIA said. “These devices are particularly appealing to threat actors as they enable decentralised SMS distribution across multiple countries, complicating both detection and takedown efforts.”



Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
The Hacker News

The Hacker News

Next Post
Bitcoin rises as investors seek a global safe haven amid shutdown

Bitcoin rises as investors seek a global safe haven amid shutdown

Recommended.

Adster Techologies awarded US Patent for breakthrough innovation in reducing latency in Ad Serving

Adster Techologies awarded US Patent for breakthrough innovation in reducing latency in Ad Serving

May 8, 2025
CrowdStrike Warns of Phishing Scam Targeting Job Seekers with XMRig Cryptominer

CrowdStrike Warns of Phishing Scam Targeting Job Seekers with XMRig Cryptominer

January 18, 2025

Trending.

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

May 21, 2025
Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

April 23, 2025
MocPOGO Easter Special Deals: The Pokémon GO Spoofer You Need for Might and Mastery 2025!

MocPOGO Easter Special Deals: The Pokémon GO Spoofer You Need for Might and Mastery 2025!

April 7, 2025
VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

September 11, 2025
Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

May 8, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio