Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Smishing targets routers in Belgium 2025

October 2, 2025
Reading Time: 2 mins read
in Alerts
Smishing targets routers in Belgium 2025

A newly identified series of smishing attacks has been linked to compromised Milesight Industrial Cellular Routers. Researchers at Sekoia.io’s Threat Detection & Research team discovered that threat actors were exploiting the routers’ APIs to send fraudulent text messages. This tactic has repeatedly targeted Belgian users, impersonating official government services.

The malicious activity was first detected on July 22, 2025, when honeypots recorded suspicious requests. Investigators found that the manipulated routers were sending SMS messages that contained phishing links. These messages were often disguised as communications from CSAM and eBox, two widely used Belgian government platforms. The texts were written in Dutch and French and consistently used Belgium’s +32 country code.

Sekoia.io noted that more than 19,000 of these routers are accessible on the public internet, and at least 572 of them are exposed to unauthenticated access. This vulnerability allows attackers to send or retrieve SMS messages without needing to log in. Logs suggest that this technique has been in use since at least February 2022.

Although these campaigns have also reached France, Italy, Sweden, and other countries, Belgium remains the most frequent target. Between November 2022 and July 2025, multiple distinct operations impersonated federal authentication and digital mailbox services. In June and July 2025 alone, several new phishing domains mimicking these services were registered. The smishing campaigns often follow a validation phase: attackers test whether a compromised router can send SMS messages by directing initial texts to numbers they control. Once confirmed, the devices are then used to launch mass phishing waves.

The infrastructure supporting these campaigns appears to be tied to Lithuanian hosting provider Podaon, with phishing domains frequently registered through NameSilo. Some of the fraudulent websites even used scripts to restrict access from non-mobile devices, a tactic that limits detection by security analysts. Sekoia.io’s findings highlight how vulnerable equipment is being leveraged to conduct wide-reaching fraud.

Reference:

  • Smishing campaigns exploit cellular routers to intercept and target Belgium user
Tags: Cyber AlertsCyber Alerts 2025CyberattackCybersecurityOctober 2025
ADVERTISEMENT

Related Posts

PolarEdge Expands Router Botnet

PolarEdge Expands Router Botnet

October 22, 2025
PolarEdge Expands Router Botnet

Google Finds New Russian Malware

October 22, 2025
PolarEdge Expands Router Botnet

Copilot Flaw Exposes Sensitive Data

October 22, 2025
WatchGuard Devices At Risk Of RCE

BitLocker May Lock Your Data Silently

October 21, 2025
WatchGuard Devices At Risk Of RCE

North Korea Hackers Use New JS Malware

October 21, 2025
WatchGuard Devices At Risk Of RCE

WatchGuard Devices At Risk Of RCE

October 21, 2025

Latest Alerts

Copilot Flaw Exposes Sensitive Data

PolarEdge Expands Router Botnet

Google Finds New Russian Malware

BitLocker May Lock Your Data Silently

North Korea Hackers Use New JS Malware

WatchGuard Devices At Risk Of RCE

Subscribe to our newsletter

    Latest Incidents

    Union Cyberattack Raises Concerns

    Romanian Prisoner Hacks Prison IT

    Hackers Claim Data On NSA Officials

    Muji Stops Online Sales After Attack

    Major Telco Confirms Cyber Breach

    Russian Hackers Leak UK MoD Files

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial