The Kaspersky Digital Footprint Intelligence team has analyzed shadow Telegram channels and has released a report talking about its security levels. Their findings reveal a troubling trend: cybercriminals are increasingly using Telegram as a platform for underground market activities.
Cybercriminals actively operate channels and groups on Telegram dedicated to discussing fraud schemes, distributing leaked databases, and trading various criminal services, such as cashing out, forging documents, DDoS attacks as a service, and more.
According to Kaspersky’s data, the volume of such posts surged by 53% in May-June 2024 compared to the same period last year. The growing interest in Telegram from the cybercriminal community is driven by several key factors.
Firstly, this messenger is very popular in general – its audience has reached 900 million monthly users, according to Pavel Durov, founder of Telegram. Secondly, it is marketed as the most secure and independent messenger that does not collect any user data, giving threat actors a sense of security and impunity.
Moreover, finding or creating a community on Telegram is relatively easy, which, combined with other factors, allows various channels, including cybercriminal ones, to gather an audience quickly, explains Alexey Bannikov, an analyst at Kaspersky Digital Footprint Intelligence.
Cybercriminals operating on Telegram generally demonstrate less technical sophistication and expertise compared to those found on more restricted and specialized dark web forums. This is due to the low entry barrier into the Telegram shadow community – someone with malicious purposes simply needs to create an account and subscribe to the criminal sources they can find as they are already part of this criminal community.
Alexey Bannikov notes:
There is another trend: Telegram has emerged as a platform where various hacktivists make statements and express their views. Due to its extensive user base and rapid content distribution through Telegram channels, hacktivists find the platform a convenient tool to incite DDoS attacks and other disruptive methods against targeted infrastructures. Additionally, they can release stolen data from attacked organizations into the public domain using shadow channels.
Kaspersky published a free comprehensive playbook to track shadow market activities and handle data-related incidents to help enterprises mitigate associated cyber risks.
Get the latest tech news, telecom insights, and product launches wherever you prefer.
Add ProPakistani to Preferred Sources and see more of our stories in Google Search and Top Stories.