A wave of smishing attacks has been traced to exploited Milesight Industrial Cellular Routers, primarily targeting Belgian users with phishing SMS messages impersonating government services. The campaign exploits unsecured routers to send large-scale phishing messages, highlighting the vulnerability of IoT devices in cyber threats. #MilesightRouters #BelgiumPhishing
Keypoints
- Cybercriminals exploited Milesight Industrial Cellular Routers to send phishing SMS messages.
- Over 19,000 routers are accessible on the public internet, with at least 572 vulnerable to unauthenticated access.
- The attacks primarily target Belgium, impersonating government services like CSAM and eBox.
- Phishing campaigns have been active since at least February 2022, with recent waves in mid-2025.
- Attackers use hosting providers like Podaon and register phishing domains via NameSilo to facilitate their campaigns.
Read More: https://www.infosecurity-magazine.com/news/smishing-exploit-cellular-routers/