Iranian Government Exploits Telegram for Covert Data Theft Operations

This article was generated by AI and cites original sources.

Recent findings from the FBI reveal that Iranian government hackers are utilizing Telegram as a tool to extract data from targeted dissidents, opposition factions, and journalists critical of the regime globally. According to a report by TechCrunch, these cyber operatives engage in malware attacks under the guise of legitimate applications like Telegram and WhatsApp.

The attack methodology involves hackers posing as familiar contacts or tech support and inducing targets to click on links that lead to malicious files. Once installed, the malware connects the victim's device to Telegram bots that serve as its command channel, giving the hackers the ability to exfiltrate files, capture screenshots, and eavesdrop on Zoom meetings.

Routing remote control through Telegram blends the malicious traffic in with legitimate connections to Telegram's servers, which makes the activity harder for cybersecurity defenders and anti-malware solutions to detect.
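One defensive angle the article points at is that Telegram bot traffic from an endpoint that has no business talking to the Bot API is itself a signal. The script below is an added example written for this page; it is not code from the article, TechCrunch, or the FBI alert. It assumes a constructed egress-proxy log format (timestamp, hostname, process name, HTTP verb, destination host, URL path), a hypothetical allowlisted in-house alerting script named `ops-alert-bot.py`, and sample lines that are entirely made up. The Bot API URL shape (`/bot<id>:<secret>/<method>`) and method names such as `sendDocument` and `getUpdates` are Telegram's real public API; everything else is constructed.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, FrozenSet

# Constructed sample proxy log (not real telemetry). Fields:
# <timestamp> <hostname> <process> <verb> <dest_host> <path>
SAMPLE_LOG = """\
2024-09-20T10:01:02Z ws-17 ops-alert-bot.py POST api.telegram.org /bot123456789:AAHexampleTOKEN_not_real/sendMessage
2024-09-20T10:01:05Z ws-17 updater.exe POST api.telegram.org /bot987654321:AAGexampleTOKEN_not_real/sendDocument
2024-09-20T10:02:10Z ws-22 chrome.exe GET web.telegram.org /k/
2024-09-20T10:03:44Z ws-22 svchost.exe POST api.telegram.org /bot987654321:AAGexampleTOKEN_not_real/sendPhoto
2024-09-20T10:03:50Z ws-22 svchost.exe GET api.telegram.org /bot987654321:AAGexampleTOKEN_not_real/getUpdates
2024-09-20T10:04:00Z ws-05 Telegram.exe GET api.telegram.org /k/
"""

# Telegram Bot API paths look like /bot<numeric id>:<secret>/<method>.
# The numeric id is a safe pivot key; the secret is never written to findings.
BOT_API_RE = re.compile(r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>[A-Za-z]+)")

# Real Bot API methods that move file content out of the host.
UPLOAD_METHODS = {"sendDocument", "sendPhoto", "sendVideo", "sendAudio", "sendVoice", "sendMediaGroup"}
# Method used by a bot client to poll for new messages (i.e. incoming commands).
POLL_METHODS = {"getUpdates"}


@dataclass
class Finding:
    host: str
    process: str
    bot_id: str
    method: str
    reason: str


def parse_line(line: str) -> Optional[dict]:
    """Split one constructed log line into its six fields; None if malformed."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, host, process, verb, dest, path = parts
    return {"ts": ts, "host": host, "process": process, "verb": verb, "dest": dest, "path": path}


def detect(log_text: str, allowed_processes: FrozenSet[str] = frozenset()) -> List[Finding]:
    """Flag Bot API calls from any process not on the allowlist.

    Uploads and command polling get distinct reasons so an analyst can tell
    exfiltration from tasking at a glance.
    """
    findings: List[Finding] = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["dest"] != "api.telegram.org":
            continue
        m = BOT_API_RE.match(rec["path"])
        if m is None:
            continue  # Telegram host but not a Bot API call
        if rec["process"] in allowed_processes:
            continue  # known-good automation (hypothetical allowlist)
        method = m.group("method")
        if method in UPLOAD_METHODS:
            reason = f"bot-API upload via {method}"
        elif method in POLL_METHODS:
            reason = f"bot-API command polling via {method}"
        else:
            reason = f"unexpected bot-API call via {method}"
        findings.append(Finding(rec["host"], rec["process"], m.group("bot_id"), method, reason))
    return findings


def pivot_by_bot(findings: List[Finding]) -> Dict[str, List[str]]:
    """Map each bot id to the sorted list of hosts that contacted it.

    One bot id seen from several hosts is a strong sign of a shared C2 channel.
    """
    hosts: Dict[str, set] = {}
    for f in findings:
        hosts.setdefault(f.bot_id, set()).add(f.host)
    return {bot: sorted(h) for bot, h in hosts.items()}


if __name__ == "__main__":
    results = detect(SAMPLE_LOG, allowed_processes=frozenset({"ops-alert-bot.py"}))
    for f in results:
        print(f"{f.host:6} {f.process:14} bot={f.bot_id} {f.reason}")
    print("hosts per bot:", pivot_by_bot(results))
```

The key design choice is to pivot on the numeric bot id rather than the full token: it is enough to correlate hosts talking to the same bot, and it keeps the bot secret out of alert text and SIEM storage. In a real deployment the allowlist would hold whatever legitimate Telegram automation the organization actually runs, and anything else calling the Bot API from a workstation would be worth a ticket.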

The cyber assaults are attributed to the Iranian Ministry of Intelligence and Security and align with the government’s strategic interests, as indicated by the FBI. The alert also references the involvement of the pro-Iranian and pro-Palestine hacker group Handala, although its direct association with the described attacks remains unconfirmed.

Source: TechCrunch