Silent Smishing: The Hidden Abuse of Cellular Router APIs
Essential information
- Published
- 01/10/2025 08:00
- Modified
- 01/10/2025 09:33
- Tags
- 2025-10-01 CVE-2023-43261 api exploitation belgium cellular routers csam ebox phishing smishing vulnerability
- Related entities
- 1 vulnerabilities (cve), 200 observables, 1 intrusion sets (apt), 5 techniques (mitre), 1 malware, 9 others
Description
This report analyzes a smishing campaign exploiting vulnerabilities in Milesight Industrial Cellular Routers to send malicious SMS messages. The attackers targeted primarily Belgian users by impersonating government services like CSAM and eBox. Over 18,000 vulnerable routers were identified globally, with at least 572 potentially exploitable. The campaign has been active since February 2022, affecting multiple European countries. The attackers used NameSilo for domain registration and Podaon SIA for hosting. The phishing infrastructure was linked to a threat actor cluster known as 'GroozaV2'. The report highlights the ongoing threat of smishing and the need for increased vigilance against unsolicited messages.