Europe's IoT Under Siege: Milesight Routers Exploited in Massive Smishing Attacks
European telecommunications and IT service providers are grappling with a wave of smishing attacks exploiting Milesight cellular routers. These routers, used in industrial environments to connect IoT systems via mobile networks, have been found vulnerable, with over 18,000 accessible online.
The attacks, active since 2022, primarily target European countries like Belgium, France, Italy, and Sweden. Cybercriminals are exploiting a major vulnerability, CVE-2023-43261, which allows them to gain full access to routers by exposing encrypted passwords. The routers can be controlled via SMS, enabling attackers to send phishing messages en masse.
Phishing websites employed in these attacks use techniques like mobile device detection and disabling browser functions to hinder analysis. Inconspicuous IoT devices within industrial installations are playing a crucial role in these large-scale operations. With hundreds of these routers lacking security and running outdated firmware, the threat persists.
More than 18,000 Milesight cellular routers remain vulnerable online, with attackers sending smishing messages from multiple countries simultaneously, making detection and blocking more challenging. European service providers are urged to secure their routers and update firmware to mitigate further attacks.
