Silent Smishing: The Hidden Abuse of Cellular Router APIs
ID: 57ce6a89-966d-5564-9f12-cbdb1d1bf716
STIX ID: report--57ce6a89-966d-5564-9f12-cbdb1d1bf716
Feed Name: Sekoia.io Blog
Sekoia.io observed active exploitation of Milesight industrial cellular routers, via unauthenticated SMS APIs and likely credential theft or CVE-2023-43261-related issues, to distribute large-scale smishing campaigns since Feb 2022, primarily targeting Belgium (CSAM/eBox impersonation) and other European countries. The analysis details honeypot traces, vulnerable firmware counts (572 of a sampled 6,643; ~19k devices exposed overall), attacker infrastructure (domains, hosting with Podaon SIA/NameSilo, Grooza cluster), phishing kit behaviours, and numerous IOCs for detection and mitigation.
