What's Happening?
Threat actors have exploited the APIs of Milesight Industrial Cellular routers to conduct smishing attacks across Europe. These attacks primarily targeted Belgium between November 2022 and July 2025, using the routers to send malicious SMS messages that impersonated government platforms such as CSAM and eBox. The campaign also involved impersonations of French banking and postal entities, as well as Swedish and Danish telecommunications providers. Researchers from Sekoia.io's Threat Detection & Research team identified the use of NameSilo-registered phishing domains and infrastructure linked to Podaon, a hosting provider in Lithuania, in these intrusions.
Why It's Important?
The exploitation of cellular router APIs for smishing campaigns highlights significant vulnerabilities in network security, affecting both individuals and organizations. As these attacks impersonate trusted entities, they pose a risk of data breaches and financial loss. The widespread nature of these campaigns across multiple European countries underscores the need for enhanced cybersecurity measures and awareness. Organizations and individuals must remain vigilant against unsolicited messages, especially those containing suspicious URLs or urgent calls to action, to protect against potential threats.
What's Next?
Heightened vigilance and skepticism are essential defenses against smishing attempts. Users are advised to be cautious of unsolicited messages and to verify the authenticity of communications from trusted entities. Organizations may need to invest in stronger security protocols and employee training to mitigate the risks associated with such attacks. As the threat landscape evolves, continuous monitoring and adaptation of security strategies will be crucial in preventing future incidents.
Beyond the Headlines
The use of cellular router APIs in smishing campaigns represents a shift in cybercriminal tactics, leveraging infrastructure vulnerabilities to reach a broader audience. This development may prompt regulatory bodies to consider stricter security standards for network devices and APIs. Additionally, the international scope of these attacks could lead to increased collaboration between countries to address cybersecurity threats and share intelligence.
AI Generated Content