Imagine receiving a text message that appears to be from your bank, urgently requesting updated account details to prevent fraud, and with a quick click on the provided link, you unwittingly hand over personal information to cybercriminals. This scenario is becoming alarmingly common across Europe, where hackers are exploiting industrial routers to orchestrate sophisticated smishing—SMS phishing—campaigns. Since at least 2023, these attacks have targeted users in countries like Sweden, Italy, and Belgium, turning trusted devices into tools of deception. What makes this threat so insidious is its blend of technical exploitation and psychological manipulation, leaving both individuals and businesses vulnerable to devastating consequences.
Unmasking the Hidden Danger: Devices as Weapons
The scale of this cyber threat is staggering. French cybersecurity firm SEKOIA has uncovered that out of 18,000 Milesight cellular routers accessible on the public internet, at least 572 are potentially vulnerable due to exposed inbox/outbox APIs. These industrial routers, often used in critical infrastructure, are being hijacked to send malicious SMS messages, bypassing traditional security measures. The danger lies not just in the technology but in the trust users place in text messages, believing them to be secure and authentic.
This campaign’s reach across multiple European nations highlights a growing trend of cybercriminals weaponizing Internet of Things (IoT) devices. The ability to send deceptive messages directly from compromised routers creates an illusion of legitimacy, making it harder for recipients to spot the scam. As these attacks evolve, the line between safe connectivity and silent exploitation continues to blur, raising urgent questions about the security of everyday technology.
Why Europe Faces a Perfect Storm of Smishing Threats
Europe’s high mobile penetration and diverse digital infrastructure make it a prime target for smishing campaigns. With millions relying on SMS for banking alerts, government notifications, and personal communication, the region offers fertile ground for attackers exploiting human trust. Cellular routers, often overlooked in security protocols, provide an ideal entry point for distributing phishing messages on a massive scale, amplifying the risk of data theft and financial fraud.
The convergence of IoT vulnerabilities and social engineering tactics creates a dangerous duo. Hackers craft messages that mimic legitimate sources, preying on urgency and familiarity to prompt immediate action. For businesses and individuals alike, the stakes are high—stolen credentials can lead to drained bank accounts or compromised corporate systems, underscoring the need for heightened vigilance in an increasingly connected landscape.
Inside the Milesight Router Smishing Operation
The mechanics of this campaign reveal a chilling level of precision. Attackers exploit a now-patched information disclosure vulnerability, CVE-2023-43261 (CVSS score: 7.5), alongside misconfigured APIs on Milesight routers to send SMS messages without authentication. SEKOIA’s analysis shows that hackers often begin with a validation phase, testing a router’s SMS capabilities by sending messages to controlled numbers before launching broader attacks.
Their tactics are tailored for deception, using typosquatted URLs that imitate trusted entities like postal services or telecom providers. Phishing pages are designed with mobile users in mind, employing JavaScript to ensure content only displays on smartphones, coercing victims into sharing sensitive data. Specific domains, such as jnsi[.]xyz, active between January and April of this year, even disable right-click actions and debugging tools to evade detection, showcasing the attackers’ technical cunning.
Regionally, the impact is stark in countries like Sweden, Italy, and Belgium, where messages are customized to exploit local trust in familiar institutions. For instance, a fake banking alert might reference a well-known national lender, increasing the likelihood of user compliance. This targeted approach, blending cultural awareness with technological exploitation, makes the campaign particularly effective and difficult to counter.
Voices of Concern: Experts Weigh In on the Sophistication
Cybersecurity experts paint a sobering picture of the threat’s complexity. SEKOIA researchers note that the decentralized nature of SMS distribution via routers poses significant challenges for detection and mitigation, as messages originate from disparate, legitimate devices. This fragmentation frustrates efforts by authorities to trace and shut down the operations, allowing attackers to operate with relative impunity.
VulnCheck reports further reveal how swiftly cybercriminals weaponize known flaws, with CVE-2023-43261 exploited shortly after its disclosure. Adding to the intrigue, evidence of a Telegram bot named GroozaBot—linked to an individual known as “Gro_oza” who speaks Arabic and French—suggests active monitoring of victims. This level of coordination hints at motives beyond immediate financial gain, potentially including data harvesting for future attacks, as noted by industry analysts tracking the campaign’s evolution.
Armoring Up: Safeguarding Against Router-Based Smishing
Protecting against this threat demands a multi-layered approach. Device security starts with regular firmware updates for routers to patch known vulnerabilities and disabling unnecessary public-facing APIs. Businesses using industrial routers should prioritize audits to identify and rectify misconfigurations, ensuring that these devices do not become unwitting tools for cybercriminals.
User awareness is equally critical. Scrutinize SMS messages, especially those pressing for immediate action such as updating banking details, and verify URLs through official channels before clicking. Mobile security tools can help detect and block phishing attempts, while reporting suspicious messages to telecom providers or cybersecurity authorities can aid broader mitigation efforts. These individual steps form a first line of defense against sophisticated scams.
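The URL check described above can be automated in an SMS filter or triage script. The sketch below is an added example, not code from SEKOIA or Milesight: it extracts hosts from a message, compares them against an allowlist of official domains, and flags near-miss (typosquatted) names. The allowlist entries and sample hosts other than jnsi[.]xyz are constructed placeholders, and the last-two-labels split is a simplification that ignores the public suffix list.

```python
import re

# Constructed allowlist (assumption): replace with the domains your organisation really uses.
OFFICIAL_DOMAINS = ("examplepost.se", "examplebank.it", "exampletelecom.be")

# Matches plain or defanged hosts (hxxp://, [.]) inside free text.
HOST_RE = re.compile(r"(?:h(?:tt|xx)ps?://)?((?:[a-z0-9-]+(?:\[\.\]|\.))+[a-z]{2,})", re.I)

def edit_distance(a, b):
    """Levenshtein distance, row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_host(host, max_dist=2):
    """Return (verdict, matched official domain or None)."""
    for official in OFFICIAL_DOMAINS:
        if host == official or host.endswith("." + official):
            return "official", official
    label = host.split(".")[-2]            # naive registrable label
    squashed = host.replace("-", "")       # catches brand-it.login.tld style hosts
    for official in OFFICIAL_DOMAINS:
        brand = official.split(".")[0]
        if edit_distance(label, brand) <= max_dist or brand in squashed:
            return "lookalike", official
    return "unknown", None

def scan_sms(text):
    """List (host, verdict, official) for every host found in an SMS body."""
    results = []
    for match in HOST_RE.finditer(text):
        host = match.group(1).lower().replace("[.]", ".")
        results.append((host,) + classify_host(host))
    return results

if __name__ == "__main__":
    samples = [  # constructed messages, except the domain quoted in the article
        "Ditt paket väntar: https://examp1epost.se/track",
        "Verifica il conto: hxxps://examplebank-it.secure-login.xyz/a",
        "see jnsi[.]xyz",
    ]
    for sms in samples:
        print(scan_sms(sms))
```

A host such as jnsi[.]xyz comes back as "unknown" rather than "lookalike", which shows that name similarity only catches typosquats; unrelated throwaway domains still need reputation or age checks.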
On a systemic level, stronger IoT security standards are imperative. Supporting regulations that mandate secure configurations and automatic updates for internet-connected devices can prevent future exploitation. Collaboration between manufacturers, policymakers, and cybersecurity professionals is essential to close the gaps that attackers exploit, building a safer digital ecosystem for all users.
Reflecting on a Persistent Battle
Looking back, the smishing campaign exploiting Milesight routers stood as a stark reminder of the vulnerabilities embedded in an interconnected world. The seamless integration of technology into daily life, while transformative, exposed critical weaknesses that cybercriminals were quick to manipulate. Each compromised device and deceptive message underscored the fragility of trust in digital communications.
Moving forward, the fight against such threats hinges on proactive measures. Strengthening device security, fostering user education, and advocating for robust industry standards are vital steps to curb the misuse of IoT infrastructure. As technology continues to advance, anticipating the next wave of cyber threats, perhaps targeting emerging smart systems, is not just a precaution but a necessity to safeguard Europe’s digital future.