Iranian government hackers are reportedly using Telegram to extract sensitive information from dissidents, opposition groups, and journalists worldwide, as highlighted in an FBI alert released recently.
The attack begins when hackers pose as trusted contacts or tech support and deceive their targets into clicking on harmful links disguised as downloads for legitimate applications like Telegram or WhatsApp. Once the malicious software is installed, victims' devices become connected to Telegram bots, giving the attackers remote access to them. This allows hackers to steal data, take screenshots, and even record video calls via platforms like Zoom, according to the FBI.
Utilising Telegram for covert control of devices is a tactic commonly employed by hackers to obscure their malicious activities within normal network traffic, complicating detection efforts by cybersecurity professionals and anti-malware systems. The FBI has linked these attacks to Iran’s Ministry of Intelligence and Security (MOIS), underscoring the regime’s intent to further its geopolitical objectives through cyber means.
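For defenders, one way to surface this kind of traffic is to look for endpoints whose processes talk to Telegram's Bot API host at machine-like intervals. The sketch below is an added example, not taken from the FBI alert; the log format, endpoint names, process names and allowlist are constructed assumptions, and it relies only on the fact that Telegram bots are driven over HTTPS via `api.telegram.org`.

```python
import csv
import io
import statistics
from collections import defaultdict
from datetime import datetime

BOT_API_HOST = "api.telegram.org"      # Telegram's HTTPS Bot API endpoint
ALLOWED_PROCESSES = {"alertbot.exe"}   # assumption: a sanctioned in-house bot

# Constructed sample log: time, endpoint, process, destination host, bytes sent
SAMPLE_LOG = """\
2024-01-01T09:00:00,ws-014,chrome.exe,web.telegram.org,1200
2024-01-01T09:00:05,ws-022,updater.exe,api.telegram.org,310
2024-01-01T09:00:30,ws-031,alertbot.exe,api.telegram.org,450
2024-01-01T09:01:05,ws-022,updater.exe,api.telegram.org,305
2024-01-01T09:02:05,ws-022,updater.exe,api.telegram.org,48210
2024-01-01T09:03:06,ws-022,updater.exe,api.telegram.org,300
2024-01-01T10:15:00,ws-040,script.exe,API.Telegram.org.,900
"""

def find_bot_api_clients(log_text, allowed=ALLOWED_PROCESSES):
    """Return one finding per (endpoint, process) that talks to the Bot API."""
    seen = defaultdict(list)
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5:
            continue  # skip blank or malformed lines
        ts, endpoint, proc, dest, sent = row
        if dest.lower().rstrip(".") != BOT_API_HOST or proc.lower() in allowed:
            continue
        seen[(endpoint, proc)].append((datetime.fromisoformat(ts), int(sent)))
    findings = []
    for (endpoint, proc), events in sorted(seen.items()):
        events.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
        # Near-constant gaps point to automated polling, not a person typing.
        periodic = len(gaps) >= 3 and statistics.pstdev(gaps) <= 0.1 * statistics.mean(gaps)
        findings.append({
            "endpoint": endpoint, "process": proc, "requests": len(events),
            "bytes_out": sum(size for _, size in events),
            "largest_upload": max(size for _, size in events),
            "periodic": periodic,
        })
    return findings

if __name__ == "__main__":
    for finding in find_bot_api_clients(SAMPLE_LOG):
        print(finding)
```

A periodic finding with an occasional large upload is worth triaging first; a single request from an unknown process is weaker evidence but still unusual on a workstation with no sanctioned bot.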
The alert also mentioned Handala, a pro-Iranian and pro-Palestinian hacktivist group, although it’s uncertain whether they are directly responsible for the discussed attacks. Earlier this month, Handala claimed involvement in a significant breach targeting medical technology corporation Stryker, which resulted in the erasure of numerous employee devices. Stryker has reported ongoing recovery efforts following this cyber incident in a recent filing with the U.S. Securities and Exchange Commission.
The U.S. Justice Department has suggested that Handala acts as a front for the Iranian government and has been implicated in the Stryker breach. Concurrently, the FBI dismantled and seized two websites associated with Handala and another Iranian group called “Homeland Justice,” asserting that both are controlled by the MOIS. An FBI representative said the bureau had no further comment on the matter.
In response to these allegations, a spokesperson for Telegram stated that the platform actively moderates and removes any accounts identified to be involved in malware activities.
This information underscores a growing concern regarding the use of social media platforms for malicious cyber activities, particularly in politically sensitive contexts where dissidents and oppositional voices are targeted.
In conclusion, this situation illustrates the persistent threats posed by state-sponsored hacking groups and highlights the challenges faced in combating cybercrime, particularly for those advocating for human rights and political freedoms.


