This article discusses a sophisticated smishing campaign that uses simple infrastructure to execute large-scale malicious operations. It also explores potential vulnerabilities in routers and the tactics used by threat actors to evade detection. #CVEs #Smishing #Routers #GroozaBot
Keypoints
- The smishing campaign demonstrates how accessible infrastructure can be used for impactful cyberattacks.
- Some compromised routers may have been exploited through the CVE-2023-43261 vulnerability, though not all evidence supports this theory.
- The campaign involved JavaScript techniques to hinder malware analysis, such as disabling right-click and debugging tools.
- Visitor interactions on phishing sites were logged via the GroozaBot Telegram bot operated by βGro_oza.β
- Many threat actors utilize small, overlooked devices in industrial environments to send massive volumes of smishing messages.