Hackers Exploit Milesight Routers to Send Phishing SMS to European Users
Oct 01, 2025
Vulnerability / Malware
Unknown threat actors are abusing Milesight industrial cellular routers to send SMS messages as part of a smishing campaign targeting users in European countries since at least February 2022. French cybersecurity company SEKOIA said the attackers are exploiting the cellular router's API to send malicious SMS messages containing phishing URLs, with the campaigns primarily targeting Sweden, Italy, and Belgium using typosquatted URLs that impersonate government platforms like CSAM and eBox, as well as banking, postal, and telecom providers. Of the 18,000 routers of this type accessible on the public internet, no less than 572 are assessed to be potentially vulnerable due to their exposing the inbox/outbox APIs. About half of the identified vulnerable routers are located in Europe. "Moreover, the API enables retrieval of both incoming and outgoing SMS messages, which indicates that the vulnerability has been actively exploited to disseminate malicious SMS campaigns since at l...
