[BreachExchange] Attackers Found Leveraging Telegram App to Share Stolen Data

Sophia Kingsbury sophia.kingsbury at riskbasedsecurity.com
Tue Sep 21 08:33:01 EDT 2021


https://cisomag.eccouncil.org/attackers-found-leveraging-telegram-app-to-share-stolen-data/

In addition to their attack techniques, cybercriminals often rely on various
channels to deploy and spread malware or Trojans across targeted networks.
Several threat actor groups rely on social media platforms or instant
messaging services like Facebook, Twitter, and WhatsApp for their malicious
activities. Recently, a joint security investigation from Cyberint and the
Financial Times revealed that cybercriminals have been leveraging the
messaging platform Telegram for their activities.

Telegram is being misused to buy, sell, and distribute compromised data
and malware tools, making the platform an alternative to darknet forums.

“We have recently been witnessing a 100% rise in Telegram usage by
cybercriminals. Its encrypted messaging service is increasingly popular
among threat actors conducting the fraudulent activity and selling stolen
data as it is more convenient to use than the dark web,” said Tal Samra,
cyber threat analyst at Cyberint.

Hacker Channels @Telegram

Telegram provides Channels that enable users to broadcast public messages
to large audiences. Channels can have an unlimited number of subscribers
and allow users to send and receive large data files. The research
found several Telegram channels named Email:pass, Combo, and combolist,
hacker parlance for lists of stolen email addresses and passwords.
The attackers are reportedly circulating hundreds of thousands of leaked
usernames and passwords.

The rise in cybercriminal activity on the Telegram platform came after
several users sought alternatives when Facebook-owned WhatsApp changed its
privacy policy.

Cybercrime on Telegram

Separate research from security threat intelligence firm vpnMentor revealed
that cybercriminals are spreading stolen data dumps on Telegram from
previous cyberattacks and data breaches at various companies, including
Facebook, marketing software provider Click.org, and dating site Meet
Mindful.

“It appears that most data leaks and hacks are only shared on Telegram
after being sold on the dark web – or the hacker failed to find a buyer and
decided to share the information publicly and move on. Some of the data
leaks were months old, but many were as recent as a few days. Hackers have
also used Telegram as part of cyberattacks and blackmail schemes. After
hackers stole a database from Israeli company Shirbit, they created a
Telegram group and started sharing sensitive information as a form of
extortion against the company,” vpnMentor said.