Telegram’s relative anonymity makes it an attractive hangout for cybercriminals.
Telegram's place in the cyber underworld.
KELA has published a report looking at cybercriminals’ use of Telegram to conduct their business.
Telegram used for sharing stolen data and selling malware.
The researchers explain that Telegram’s Secret Chat feature provides end-to-end encryption and relative anonymity. While the vast majority of the app’s users are legitimate, and Telegram has cooperated with law enforcement in the past, criminals are still attracted to these features:
“Cybercriminals often use the popular platform to exchange information, share tips and tricks, and coordinate activities. User’s accounts and channels are commonly advertised on cybercrime forums and other online communities that cater to cybercriminals. Through these forums, criminals can post links to Telegram groups and channels where they can further discuss and collaborate on criminal activities. Telegram can be used to share information about cybercrime techniques, as well as to distribute malicious tools such as password-stealing Trojans, keyloggers and ransomware. In addition, it’s also used to facilitate the sale of stolen data and illicit goods and to recruit new members for criminal activities.”
KELA notes that the channel owned by the Lapsus$ data extortion group has gained more than 55,000 subscribers since it was created in December 2021. Hacktivist groups, particularly those operating on behalf of Ukraine or Russia, have gained hundreds of thousands of subscribers. Criminals also use Telegram groups to sell physical goods, including drugs, guns, and counterfeit luxury items. We stress that this amounts to abuse of a legitimate service. There's nothing inherently criminal about Telegram.