Telegram Exploited for Illicit Activities: Access, Malware, and Stolen Logs on the Rise

Cybercrime Communities Thrive on Telegram, Despite Increased Cooperation with Law Enforcement

A recent analysis by cybersecurity research firm CYFIRMA has revealed that Telegram has become a primary hub for cybercriminal activity, with hackers leveraging the messaging app to sell corporate access, malware subscriptions, and stolen login credentials.

Telegram: A High-Speed Marketplace for Illicit Goods and Services

The research suggests that cybercriminals have migrated to Telegram due to its ease of use, speed, and resilience. Unlike the Dark Web, which requires specialized software and technical expertise to access, Telegram is a widely available and user-friendly platform.

Sale of Initial Access to Corporate Networks

One of the primary concerns is the sale of initial access to corporate networks, which can be used as a foothold for further attacks. Hackers are using Telegram to advertise and sell direct access to company systems, often providing live proof of their claims, such as screenshots of VPN portals or cloud dashboards.

Malware-as-a-Service (MaaS) Subscriptions

In addition to the sale of initial access, Telegram is also being used to peddle malware-as-a-service (MaaS) subscriptions. These subscriptions provide hackers with access to regularly updated malware tools, including stealers and loaders, which can be used to compromise victim systems.

Trade of Stolen Login Credentials

Furthermore, the platform is being used to trade stolen login credentials, harvested from infected computers worldwide, in massive searchable databases known as “log clouds.”

Use by Hacktivist Groups

The research also highlights the use of Telegram by hacktivist groups, who use the platform to coordinate attacks, share resources, and disseminate propaganda.

These groups often use public channels to bully companies, posting leak countdowns and samples of private files to extort payouts.

Increased Cooperation with Law Enforcement

Despite increased cooperation between Telegram and law enforcement agencies, with the platform reporting a significant rise in data sharing, cybercrime activity on the platform continues to expand.

Telegram’s Role in the Cybercrime Ecosystem

The research concludes that Telegram has become a critical component of the cybercrime ecosystem, providing a scalable storefront and customer support hub for financially motivated actors, a mobilization and propaganda amplifier for hacktivists, and a rapid distribution channel for state-aligned operations.

As such, it is essential for organizations to be aware of the risks associated with Telegram and to take steps to protect themselves from the growing threat of cybercrime on the platform.


