In addition to attacking techniques, cybercriminals often rely on various mediums to deploy/spread their malware or Trojans across targeted networks. Several threat actor groups rely on social media platforms or instant messaging services like Facebook, Twitter, and WhatsApp for their malicious activities. Recently, a joint security investigation from Cyberint and Financial Times revealed that cybercriminals have been leveraging the messaging service platform Telegram for their cybercriminal activities.
Telegram is being misused to buy, sell, and distribute the compromised data and malware tools, making the platform an alternative to the darknet forum.
“We have been witnessing a 100% rise in Telegram usage by cybercriminals,” said Tal Samra, Cyber Threat Analyst at Cyberint.@cyber_int together with the @FinancialTimes, investigated how #Telegram emerges as new dark web for threat actors.
Full story:https://t.co/y1gH63Y2Y4 pic.twitter.com/Z2Y6tPvwz1
— Cyberint (@cyber_int) September 19, 2021
“We have recently been witnessing a 100% rise in Telegram usage by cybercriminals. Its encrypted messaging service is increasingly popular among threat actors conducting the fraudulent activity and selling stolen data as it is more convenient to use than the dark web,” said Tal Samra, cyber threat analyst at Cyberint.
Hacker Channels @Telegram
Telegram provides Channels that enable users to broadcast public messages to large audiences. Channels can have an unlimited number of subscribers allowing users to send and receive large-sized data files. The research found several Telegram channels named Email:pass, Combo, and combolist, which are hacker parlance that indicates stolen email and passwords lists. The attackers are reportedly circulating hundreds of thousands of leaked usernames and passwords.
The rise in cybercriminal activity using the Telegram platform came after several users sought alternatives after Facebook-owned WhatsApp changed its privacy policy.
Cybercrime on Telegram
Separate research from security threat intelligence firm vpnMentor revealed that cybercriminals are spreading stolen data dump on Telegram from previous cyberattacks and data breaches from various companies, including Facebook, marketing software provider Click.org, and dating site Meet Mindful.
“It appears that most data leaks and hacks are only shared on Telegram after being sold on the dark web – or the hacker failed to find a buyer and decided to share the information publicly and move on. Some of the data leaks were months old, but many were as recent as a few days. Hackers have also used Telegram as part of cyberattacks and blackmail schemes. After hackers stole a database from Israeli company Shirbit, they created a Telegram group and started sharing sensitive information as a form of extortion against the company,” vpnMentor said.