Silent Smishing: The Hidden Abuse of Cellular Router APIs
released on 2025-10-01 @ 08:00:39 AM
This report analyzes a smishing campaign that exploits vulnerabilities in Milesight Industrial Cellular Routers to send malicious SMS messages. The attackers primarily targeted Belgian users by impersonating government services such as CSAM and eBox. Over 18,000 vulnerable routers were identified globally, of which at least 572 were potentially exploitable. The campaign has been active since February 2022 and has affected multiple European countries. The attackers used NameSilo for domain registration and Podaon SIA for hosting. The phishing infrastructure was linked to a threat actor cluster known as 'GroozaV2'. The report highlights the ongoing threat of smishing and the need for increased vigilance against unsolicited messages.