
Industrial Routers Exploited for SMS Phishing Campaigns Since 2023
Cybersecurity experts at Sekoia have uncovered an ongoing campaign in which attackers are exploiting unsecured Milesight industrial routers to send phishing SMS messages. This campaign, active since 2023, leverages vulnerabilities in these routers to disseminate fraudulent messages to unsuspecting victims. The exploitation of industrial routers underscores a critical gap in IoT and industrial device security, often overlooked in comprehensive cybersecurity strategies.

Industrial routers like those from Milesight are integral to many operational technology (OT) networks, facilitating communication and data transfer in industrial environments. However, their security is frequently neglected, making them attractive targets for cybercriminals. The attackers in this case are using these routers as a platform to launch SMiShing (SMS phishing) attacks, which can lead to credential theft, malware distribution, or other malicious activities.

The technical implications of this exploit are significant. Industrial routers often have direct access to critical systems and networks. If compromised, they can serve as a gateway for broader network infiltration. Moreover, the use of SMS phishing indicates a shift towards exploiting less monitored communication channels, increasing the likelihood of successful attacks because user awareness is lower and fewer security measures are in place.

The impact on the cybersecurity landscape is profound. This incident highlights the need for organizations to extend their security posture beyond traditional IT assets to include all networked devices, particularly those in industrial and IoT environments. Regular vulnerability assessments, robust patch management, and continuous network monitoring are essential to mitigate such risks.

From an expert perspective, this campaign is a stark reminder of the importance of securing every network component. Industrial routers, often considered peripheral devices, can become critical attack vectors if not properly secured. Organizations must adopt a holistic approach to cybersecurity, ensuring that all devices, regardless of their perceived importance, are included in security protocols and updates.

For actionable intelligence, cybersecurity professionals should prioritize the identification and remediation of vulnerabilities in industrial routers and similar devices. Implementing network segmentation, regular security audits, and employee training on recognizing phishing attempts can significantly reduce the risk of such exploits.