The Telegram text and video messaging service has become a “thriving ecosystem” for cybercrime and will continue to be a major challenge for security researchers and law enforcement, a new report says.
It is largely used for legitimate messaging and purchases – including digital equipment, consumer loans, apparel and footwear – by individuals who appreciate it and believe it to be encrypted.
But researchers at Israel-based Kela said in a report released on Wednesday that the Telegram messenger is also the center of cybercrime activities, including the sale and leakage of stolen personal and corporate data, the organization of cybercrime gangs, the distribution of hacking tutorials, hacktivism, and the sale of illegal physical products such as counterfeits and drugs.
Among the groups that use the platform are:
– The Lapsus$ data extortion gang, which as of December 2022 had over 55,800 customers, although the group has been quiet since March 2022, when several alleged members were arrested in England;
– The pro-Russia Killnet group. Its main Telegram channel is followed by more than 90,000 users, the report says, and its campaigns include several other influential hacking groups, including XakNet and NoName057;
– The Eternity Project, a malware-as-a-service operation that used Telegram bots to sell stolen information to actors who had purchased access to the service and to give them the opportunity to create the binary. The stealer doesn’t have an admin panel to manage malware and attacks – everything is done via Telegram;
– “Checks Grub Shop,” a popular group for selling credit card information, counterfeit and stolen legitimate checks, packages containing individuals’ complete personal identities (known as fullz), and stolen bank logs.
Messaging services including Discord, Jabber, Tox and Wickr are also used by some cyberbullies, but many favor Telegram.
“One of the reasons why Telegram is so attractive to cybercriminals is its alleged built-in encryption and the ability to create channels and large, private groups,” the report says. “These features make it difficult for law enforcement and security researchers to monitor and track criminal activity on the platform.
“In addition, cyber criminals often use coded language and alternate spellings to communicate on Telegram, making it even more challenging to decipher their conversations.”
The reason for Kela’s skepticism about encryption is that the company doesn’t disclose the application’s code, so there’s no way of knowing how secure it is.
The platform had an estimated 700 million monthly active users by November 2022.
Telegram allows users to register accounts without disclosing personal information, the report notes, making it easy to set up multiple identities and use them to communicate without revealing one’s true identity. “Due to this anonymity, law enforcement organizations have difficulty tracking and identifying individuals using the program for illegal activities,” the report said.
numbers to officers when presented with a court order on terrorism-related charges
The company claims that it has not done so yet. However, the report says, recent investigations in Germany have revealed that the platform is sharing user data with government agencies and censoring content despite promises to keep users’ data secure and private.
Kela recommended that infosec teams:
– Use threat intelligence monitoring solutions to continuously monitor for potential threats on Telegram and take proactive measures to prevent them;
– Regularly train and educate employees on how to identify and respond to cyber threats on Telegram;
– Implement technical controls, such as firewalls and intrusion prevention systems, to prevent cyber criminals from accessing sensitive data;
– Cooperate and share information with law enforcement agencies and other organizations to improve the ability to detect and disrupt cybercrime;
– Conduct regular audits and assessments to identify any weaknesses or areas for improvement in the organization’s security against cyber threats on Telegram.