Scammers Exploit Industrial Cellular Routers to Launch Global Smishing Attacks

This is how hackers turn industrial routers into smishing machines targeting millions.

Cybersecurity experts have discovered a mass smishing campaign exploiting insecure industrial cellular routers, sparking fears about underreported IoT vulnerabilities.

How Scammers Use Industrial Routers as Smishing Tools

Since 2023, scammers have been using Milesight IoT cellular routers to deliver large waves of SMS phishing messages. These ruggedized devices are commonly used in traffic management systems, electric meters, and other industrial equipment that uses SIM cards for connectivity across 3G/4G/5G networks.

Typically intended for remote monitoring and automation, the routers can be accessed using text commands, web interfaces, or Python scripts. But with lax security measures and old firmware, thousands of units were left vulnerable online, and cybercriminals saw them as easy targets.

Discovery of the Smishing Campaign

Security company Sekoia uncovered the fraud while monitoring suspicious network activity on its honeypots. Over 18,000 routers were found to be exposed, and at least 572 of them exposed APIs that required no authentication.

The majority of the exploited devices ran outdated firmware with documented vulnerabilities. Attackers used the routers to run smishing (SMS phishing) campaigns and deliver fake messages to victims in Sweden, Belgium, and Italy.

The messages impersonated government services, asking recipients to log in and authenticate. The links, however, redirected users to phony websites that stole credentials.

Why Hackers Target These Devices

According to Ars Technica's report, researchers pointed out that the campaign worked well despite its lack of sophistication. Using industrial routers as decentralized distribution points let attackers spread their sending across several countries and evade detection systems.

On top of that, they escape immediate shutdown, because compromised routers are more difficult to trace than centralized servers. They also take advantage of old software, with some devices running firmware more than three years old.

Sekoia said that the case shows how inexpensive, available infrastructure can power high-impact phishing attacks.

Which Vulnerability Is Behind the Smishing Campaign

One of the suspected points of entry was CVE-2023-43261, a vulnerability patched in 2023 that leaked router files via a web interface. The bug permitted attackers to retrieve administrator passwords by reading encrypted credentials along with their encryption keys.

But Sekoia found evidence that other techniques were involved, since some of the hacked devices were not affected by this particular vulnerability.

Smishing Sites That Employ Advanced Evasion Techniques

The scam sites weren't simple copies. Many of them used JavaScript to block right-click operations, disable debugging tools, and deliver malicious content only when browsed from mobile devices. Some even monitored visitor activity via Telegram bots controlled by known cybercriminals.

Billions of smishing messages are sent every month globally. The finding helps explain how attackers can scale their attacks. Rather than using sophisticated infrastructure, they target forgotten industrial IoT devices hidden in hard-to-reach places.
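
One way a fleet operator could spot a router being used as an SMS relay, shown as an added example that is not from the article, Sekoia, or Milesight: flag any device that texts links to several numbers outside its operator list within a short window. The log layout, router names, phone numbers, and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

URL_RE = re.compile(r"https?://\S+|\bwww\.\S+", re.IGNORECASE)

# Constructed sample: timestamp, router id, direction, peer number, text.
# This layout is an assumption, not a vendor log format.
SAMPLE_LOG = """\
2025-01-10T08:00:00 rtr-meter-01 OUT +10000000001 ALARM meter 7 voltage low
2025-01-10T09:00:00 rtr-traffic-02 OUT +10000000001 STATUS link up
2025-01-10T09:00:05 rtr-traffic-02 OUT +10000000101 Verify your account: https://portal.example.test/a
2025-01-10T09:00:09 rtr-traffic-02 OUT +10000000102 Verify your account: https://portal.example.test/b
2025-01-10T09:00:14 rtr-traffic-02 OUT +10000000103 Verify your account: https://portal.example.test/c
2025-01-10T09:00:20 rtr-traffic-02 IN +10000000101 STOP
"""
OPERATORS = {"+10000000001"}  # numbers the fleet is expected to text

def parse_log(text):
    """Yield (time, router, direction, peer, body) for each well-formed line."""
    for line in text.splitlines():
        parts = line.split(None, 4)
        if len(parts) == 5:
            ts, router, direction, peer, body = parts
            yield datetime.fromisoformat(ts), router, direction, peer, body

def find_smishing_relays(text, operators, window=timedelta(minutes=10), min_recipients=3):
    """Flag routers texting links to many unknown numbers inside one window."""
    sent = defaultdict(list)
    for ts, router, direction, peer, body in parse_log(text):
        # Only outbound messages with a link to a non-operator number count.
        if direction == "OUT" and peer not in operators and URL_RE.search(body):
            sent[router].append((ts, peer))
    flagged = {}
    for router, events in sent.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            peers = {p for _, p in events[start:end + 1]}
            if len(peers) >= min_recipients:
                flagged[router] = max(flagged.get(router, 0), len(peers))
    return flagged

if __name__ == "__main__":
    print(find_smishing_relays(SAMPLE_LOG, OPERATORS))
```

The value returned for each flagged router is the largest number of distinct unknown recipients seen in any single window, which gives a rough sense of how heavily the device was being used.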

ⓒ 2025 TECHTIMES.com All rights reserved. Do not reproduce without permission.
