Messaging platforms like Telegram provide a way for cybercriminals to host, distribute, and execute various functions that ultimately allow them to steal credentials or other information from unsuspecting users. Yet that isn’t the only way in which cybercriminals have leveraged Telegram for their operations.
Given research done into why Telegram has been growing in use among cybercriminals, Intel 471 analyzed what makes the messaging service an efficient alternative to popular underground forums, especially when it comes to the market for compromised access and data. Researchers found that a combination of simplicity and security found in Telegram has provided a perfect communications hub for attackers: cybercriminals can message others individually or in groups, as well as receive or send large data files. Telegram also offers actors the ability to create bespoke channels for specific interests that are not typically active on cyber underground forums. This enables threat actors to conduct criminal operations by forming and joining groups and channels that align with their interests and goals.