Telegram becomes hacker hub, replacing dark web operations

The messaging app Telegram has transformed into a primary operational hub for cybercriminals, shifting illicit activities from the traditional dark web to a more accessible and faster platform, according to research by CYFIRMA, with further coverage provided by HackRead.

Previously reliant on the Tor network, hackers now leverage Telegram's ease of use and rapid channel switching for continuous operations. The platform functions as a high-speed marketplace where bots automate the sale of initial access into companies, malware-as-a-service subscriptions, and vast databases of stolen credentials. Ransomware groups also utilize public channels for intimidation tactics, posting leak countdowns. Beyond financial crimes, hacktivist groups use Telegram to organize and announce targets for distributed denial-of-service (DDoS) attacks, amplifying their propaganda and mobilization efforts.

Despite Telegram reporting a significant increase in data sharing with law enforcement agencies globally, cybercriminal activity on the platform continues to expand. This suggests that while cooperation aids in post-incident investigations, it has not effectively curbed the growth of these sophisticated, automated cybercrime communities.

Source: HackRead