Illicit Telegram Networks

In recent years the rise of illicit activities conducted within online messaging platforms has become a growing concern for countless industries. Telegram is one of the most notable platforms that has been host to many malicious actors and nefarious activities. Thanks to its accessibility, popularity, and user anonymity, Telegram has attracted many threat actors driven by criminal purposes.[1]

Many cybercriminals have moved operations into illicit Telegram channels to expand their reach and exploit wider audiences. As a result, these illicit Telegram networks have contributed to the increase in cyberattacks and data leaks affecting many industries across the globe.

While any industry can be affected by the cybercriminals operating on Telegram, several industries are more significantly impacted by these illicit activities. The increased popularity of Telegram has allowed individuals to connect and communicate globally. That popularity has also increased the number of illicit channels and communities on Telegram. Within many of these channels there is a steady trade in stolen credentials, data, and goods, though some illicit activities are more prevalent than others. The following are some of the more common illicit activities found in Telegram channels.

  • Carding - this type of illegal activity is one of the most prevalent on Telegram. It involves stealing credit card information through phishing, skimming, and data breaches. This information is then sold on Telegram channels for a fee. Criminals favour the platform for this trade because of its popularity and accessibility. It also lets them collaborate and share tools, which increases profitability by reaching multiple illicit channels at once.
  • Bank Account Logins (bank logs) - this variety of cybercrime activity involves selling stolen bank account details on Telegram. It can be appealing to criminals due to high payouts and low risk of being caught by law enforcement. The stolen data can come from phishing attacks or data breaches. It can also include logins for other digital payment apps and online services like streaming platforms.
  • Botnets - this malicious activity found in illicit Telegram channels involves networks of compromised devices controlled by a centralized server and used for illegal purposes. Botnets are attractive to advertise in illicit Telegram groups because of the anonymity the platform offers and the larger pool of potential buyers reachable in the channels. These botnets can be sold to other criminals on illicit Telegram channels to increase their attack vectors.
  • User Data Lists (Combolists) - combo lists are collections of user information such as email addresses, usernames, passwords, security questions and answers, and API keys acquired from data leaks or phishing attacks. Combo lists are commonly used for credential stuffing and account takeover attacks. They can also be shared, traded, or sold on Telegram for cryptocurrency. Their appeal to criminals includes large data sets suitable for bulk distribution, broad unauthorized-access capability for further attacks, and high returns on illicit purchases or trades.
  • Stealer Logs - these illicit activities on Telegram involve data logs containing stolen information such as passwords, usernames, credentials, and credit card numbers. Unlike combo lists, these logs are harvested by information-stealing malware from infected devices and sold to other criminals for their attacks.
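The two defender-side checks below are an added example and are not code from the original article or from Red Sky Alliance. They show how a security team might respond to the combolist and stealer-log trade described above: first, matching a leaked combolist against the organization's own mail domain so exposed accounts can be forced through a password reset (only a truncated hash of each password is retained, never the plaintext), and second, scanning authentication logs for the pattern credential stuffing leaves behind: one source address trying many distinct accounts in a short window with a high failure rate. The combolist and log lines are constructed sample data, and the log format, the domain `example.com`, and the thresholds are assumptions for this example.

```python
import hashlib
import re
from collections import defaultdict
from datetime import datetime, timedelta

OUR_DOMAIN = "example.com"  # assumption: the organization's own mail domain

# Constructed sample combolist in the usual "email:password" dump format (fake data).
SAMPLE_COMBOLIST = """\
alice@example.com:Winter2023!
bob@other.org:hunter2
carol@example.com:Passw0rd
dave@example.com:Passw0rd
junk line without a separator
"""

# Constructed sample auth log: "<iso-timestamp> <OK|FAIL> user=<account> ip=<source>".
SAMPLE_AUTH_LOG = """\
2024-05-01T10:00:01 FAIL user=alice@example.com ip=203.0.113.5
2024-05-01T10:00:02 FAIL user=carol@example.com ip=203.0.113.5
2024-05-01T10:00:03 FAIL user=dave@example.com ip=203.0.113.5
2024-05-01T10:00:04 FAIL user=erin@example.com ip=203.0.113.5
2024-05-01T10:00:05 OK   user=dave@example.com ip=203.0.113.5
2024-05-01T10:00:06 FAIL user=frank@example.com ip=203.0.113.5
2024-05-01T10:05:00 FAIL user=bob@example.com ip=198.51.100.7
2024-05-01T10:05:30 OK   user=bob@example.com ip=198.51.100.7
"""

COMBO_RE = re.compile(r"^\s*([^:\s]+@[^:\s]+):(.*)$")
LOG_RE = re.compile(r"^(\S+)\s+(OK|FAIL)\s+user=(\S+)\s+ip=(\S+)$")


def exposure_report(combolist_text, domain=OUR_DOMAIN):
    """Return {email: sha256_prefix} for combolist entries in our domain.

    The leaked file never leaves the analyst's machine, and only a short
    SHA-256 prefix of each password is kept: enough to notice the same
    credential recurring across dumps without retaining the plaintext.
    """
    exposed = {}
    for line in combolist_text.splitlines():
        m = COMBO_RE.match(line)
        if not m:
            continue  # tolerate malformed lines instead of aborting the run
        email, password = m.group(1).lower(), m.group(2)
        if email.endswith("@" + domain):
            exposed[email] = hashlib.sha256(password.encode()).hexdigest()[:12]
    return exposed


def detect_credential_stuffing(log_text, window=timedelta(minutes=1),
                               min_users=4, min_fail_ratio=0.75):
    """Return {ip: (distinct_users, attempts, failures)} for suspicious IPs.

    One source cycling through many different accounts inside a short
    window, mostly failing, is the signature of a combolist being replayed.
    A legitimate user mistyping their own password never reaches the
    distinct-user threshold, so that case is not flagged.
    """
    events = defaultdict(list)  # ip -> [(timestamp, failed, user), ...]
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ts = datetime.fromisoformat(m.group(1))
        events[m.group(4)].append((ts, m.group(2) == "FAIL", m.group(3)))

    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        # Slide a time window across this source's attempts.
        for start in range(len(evs)):
            end = start
            while end < len(evs) and evs[end][0] - evs[start][0] <= window:
                end += 1
            chunk = evs[start:end]
            users = {u for _, _, u in chunk}
            failures = sum(1 for _, failed, _ in chunk if failed)
            if len(users) >= min_users and failures / len(chunk) >= min_fail_ratio:
                flagged[ip] = (len(users), len(chunk), failures)
                break  # one hit per source is enough to raise an alert
    return flagged


if __name__ == "__main__":
    print("exposed accounts:", exposure_report(SAMPLE_COMBOLIST))
    print("stuffing sources:", detect_credential_stuffing(SAMPLE_AUTH_LOG))
```

In the sample data the source `203.0.113.5` is flagged because it tries five different accounts in six attempts within a minute, while `198.51.100.7` (one user, two attempts) is not. The thresholds are deliberately conservative; a team would tune the window and ratio to its own login volume, and the exposure report would feed a forced-reset and MFA enrolment workflow rather than be acted on by hand.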


Telegram has become a popular messaging platform for users to communicate and connect with others globally. While the application provides a degree of message security and user anonymity, it is also frequently used for illicit activities. With the increase in cybercrime activity found within illicit Telegram channels, it is important for organizations, especially those in the more heavily impacted industries, to take proactive measures to minimize the impact of these malicious activities. Here are a few methods and steps that organizations can take to help lessen the impact of illicit Telegram activity:

  • Strengthen your identity and access management policies and processes to prevent unauthorized access to internal systems.
  • Consider investing in quality endpoint security protection to ensure your networks, devices, and operating systems are protected from intrusion.
  • Employ an in-house or external threat intelligence provider that can support features such as dark web and Telegram monitoring.
  • Enhance your internal verification systems and processes to ensure employees use multi-factor authentication and verification to prevent unauthorized access.
  • Provide quality education and awareness to all of your employees to ensure they can spot suspicious activity and understand the negative impact it could have on the company.
  • Ensure that networks, devices, and systems are kept up to date with regular security updates and patches, so that known exploits have less chance of impacting the company.


This article is presented at no charge for educational and informational purposes only.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225, or feedback@redskyalliance.com

Weekly Cyber Intelligence Briefings:

Reporting: https://www.redskyalliance.org/
Website: https://www.redskyalliance.com/
LinkedIn: https://www.linkedin.com/company/64265941

REDSHORTS - Weekly Cyber Intelligence Briefings

https://attendee.gotowebinar.com/register/5993554863383553632  


[1] https://thehackernews.com/2023/08/top-industries-significantly-impacted.html
