According to an FBI notice released on Friday, Iranian government hackers are using Telegram to collect data from compromised dissidents, opposition organizations, and journalists who oppose the regime, worldwide.
To trick their targets into clicking a link to a malicious file posing as a trusted application such as Telegram or WhatsApp, the hackers first contact them while pretending to be a known contact or tech support. In the second phase of the attack, once the target has installed the malware, the infected machine is connected to Telegram bots through which the hackers remotely command and control it. According to the FBI, this lets the hackers take remote control of victims' devices to record Zoom calls, capture screenshots, and steal files.
Hackers frequently use Telegram to remotely control a victim's device because the command-and-control traffic blends in with legitimate connections to Telegram's servers, making the malicious activity harder for anti-malware software and defenders to detect.
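The detection angle here is that Telegram bot command-and-control does not look like a Telegram client: official Telegram apps speak MTProto to Telegram's data centres, whereas a bot-driven implant talks HTTPS to the Bot API at `api.telegram.org/bot<token>/<method>`, polls `getUpdates` on a fixed cadence to fetch operator commands, and ships stolen files out with upload methods such as `sendDocument`. The following is an added example written for this page, not code from the FBI advisory or from any real implant; it runs a small detector over constructed proxy log lines (the log format, hostnames, process names, bot IDs and tokens are all hypothetical) and flags Bot API use from unexpected processes, regular `getUpdates` beaconing, and uploads to a bot. Seeing the URL path requires TLS inspection on the proxy; with SNI alone you would only see `api.telegram.org`, which is still a useful pivot when the initiating process is not a Telegram client.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed proxy log lines in a hypothetical "<ts> <host> <method> <url> <process>" format.
# Bot tokens below are made up and follow the Bot API shape "<numeric id>:<secret>".
SAMPLE_LOG = """\
2024-03-01T10:00:00Z ws-17 GET https://api.telegram.org/bot7123456789:AAH1bcd_efGHiJKlmnoPQRstuVWxyz012345/getUpdates?offset=41 svchost.exe
2024-03-01T10:00:30Z ws-17 GET https://api.telegram.org/bot7123456789:AAH1bcd_efGHiJKlmnoPQRstuVWxyz012345/getUpdates?offset=42 svchost.exe
2024-03-01T10:01:00Z ws-17 GET https://api.telegram.org/bot7123456789:AAH1bcd_efGHiJKlmnoPQRstuVWxyz012345/getUpdates?offset=43 svchost.exe
2024-03-01T10:01:10Z ws-17 POST https://api.telegram.org/bot7123456789:AAH1bcd_efGHiJKlmnoPQRstuVWxyz012345/sendDocument svchost.exe
2024-03-01T10:01:30Z ws-17 GET https://api.telegram.org/bot7123456789:AAH1bcd_efGHiJKlmnoPQRstuVWxyz012345/getUpdates?offset=44 svchost.exe
2024-03-01T10:05:12Z ws-03 GET https://web.telegram.org/a/ chrome.exe
2024-03-01T10:07:45Z ws-03 POST https://api.telegram.org/bot5550001234:AAEexampleTOKENforInternalAlertsBot0/sendMessage alertd.py
"""

# Bot API URL: https://api.telegram.org/bot<id>:<secret>/<method>. Only the numeric id is
# kept in findings so the secret half of a token never lands in an alert.
BOT_API_RE = re.compile(
    r"^https?://api\.telegram\.org/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{30,})/(?P<api_method>\w+)"
)

# Hypothetical allowlist: processes this organisation expects to use the Bot API.
KNOWN_BOT_PROCESSES = {"alertd.py"}

# Bot API methods that move a file from the host to the bot's chat (exfiltration channel).
UPLOAD_METHODS = {"sendDocument", "sendPhoto", "sendVideo", "sendAudio", "sendVoice"}


def parse_line(line):
    """Return a dict for a Bot API request, or None for anything else (including web/MTProto clients)."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, host, http_method, url, process = parts
    m = BOT_API_RE.match(url)
    if not m:
        return None
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "host": host,
        "http_method": http_method,
        "process": process,
        "bot_id": m.group("bot_id"),
        "api_method": m.group("api_method"),
    }


def analyse(log_text, max_jitter_s=5, min_polls=3):
    """Group Bot API calls per (host, process, bot) and return (host, process, bot_id, reason) findings."""
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    by_key = defaultdict(list)
    for e in events:
        by_key[(e["host"], e["process"], e["bot_id"])].append(e)

    findings = []
    for (host, process, bot_id), evs in by_key.items():
        evs.sort(key=lambda e: e["ts"])
        # 1. Bot API traffic from a process that is not a known bot integration.
        if process not in KNOWN_BOT_PROCESSES:
            findings.append((host, process, bot_id, "bot-api-from-unexpected-process"))
        # 2. getUpdates polled at a steady interval: the implant fetching operator commands.
        polls = [e["ts"] for e in evs if e["api_method"] == "getUpdates"]
        if len(polls) >= min_polls:
            gaps = [(b - a).total_seconds() for a, b in zip(polls, polls[1:])]
            if max(gaps) - min(gaps) <= max_jitter_s:
                period = int(sum(gaps) / len(gaps))
                findings.append((host, process, bot_id, f"getUpdates-beacon-every-{period}s"))
        # 3. Any upload method: files leaving the host via the bot.
        if any(e["api_method"] in UPLOAD_METHODS for e in evs):
            findings.append((host, process, bot_id, "upload-to-bot"))
    return findings


if __name__ == "__main__":
    for host, process, bot_id, reason in analyse(SAMPLE_LOG):
        print(f"{host} {process} bot={bot_id} {reason}")
```

On the constructed sample, the `svchost.exe` activity on `ws-17` is flagged three times (unexpected process, 30-second `getUpdates` beacon, `sendDocument` upload), the internal alerting bot is ignored because its process is allowlisted, and the browser session to `web.telegram.org` is not a Bot API call at all. Tune `KNOWN_BOT_PROCESSES` and the jitter threshold to your environment; real implants may randomise the polling interval, so the beacon rule is a supporting signal rather than the primary one.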
The FBI says the hackers behind these attacks work for Iran's Ministry of Intelligence and Security (MOIS). According to the FBI, the attacks illustrate how Iranian government hackers are trying to advance the regime's “geopolitical goal.”
The FBI named the pro-Iranian and pro-Palestinian faux-hacktivist group Handala in the advisory, though it is unclear whether this group was responsible for the attacks described.
Tens of thousands of employee devices were erased in an attack on medical tech major Stryker earlier this month, which Handala claimed responsibility for.
In an 8-K filing with the U.S. Securities and Exchange Commission on Monday, Stryker said it is still recovering from the attack.
The U.S. Justice Department charged Handala last week with being behind the Stryker breach and acting as a front for the Iranian government, specifically the MOIS. At the same time, the FBI seized and took down two websites connected to Handala and two more connected to “Homeland Justice,” another Iranian hacktivist group. Both groups are run by the MOIS, according to the FBI's recent alert.
In an email, an FBI representative stated that the agency “had nothing new to contribute.”
According to Remi Vaughn, a spokesman for Telegram, “moderators consistently deactivate any accounts determined to be engaged with malware.”
Updated to include Telegram’s and the FBI’s response.