216.73.217.139

Silent Smishing: The Hidden Abuse of Cellular Router APIs

· Published 01/10/2025 08:00 · Modified 01/10/2025 09:33

Export JSON

Essential information

Published
01/10/2025 08:00
Modified
01/10/2025 09:33
Tags
2025-10-01 CVE-2023-43261 api exploitation belgium cellular routers csam ebox phishing smishing vulnerability
Related entities
1 vulnerabilities (cve), 200 observables, 1 intrusion sets (apt), 5 techniques (mitre), 1 malware, 9 others

Description

This report analyzes a campaign exploiting vulnerabilities in Milesight Industrial to send malicious SMS messages. The attackers targeted primarily Belgian users by impersonating government services like and . Over 18,000 vulnerable routers were identified globally, with at least 572 potentially exploitable. The campaign has been active since February 2022, affecting multiple European countries. The attackers used NameSilo for domain registration and Podaon SIA for hosting. The infrastructure was linked to a threat actor cluster known as 'GroozaV2'. The report highlights the ongoing threat of and the need for increased vigilance against unsolicited messages.

External references