Telegram, the popular encrypted messaging app, is being used by criminal hackers to share and discuss cyberattacks. This could put millions of users at risk of data theft, malware infection, and even a full system takeover.
These groups share their activity across a number of channels and sub-groups, including one with more than 54,000 subscribers worldwide, and some openly advertise black-hat services.
Lapsus$
The Lapsus$ extortion gang, made up largely of teenagers from the UK and Brazil, caused a stir with a rapid spate of attacks. Its claimed victims include technology giant Microsoft, digital banking group Revolut, and a range of other companies and organizations. In the Revolut case the intruders accessed roughly 50,000 customer records and then demanded a ransom of more than $640,000.
The gang, which Microsoft tracks as “DEV-0537,” gets its initial access by bribing or tricking employees rather than by exploiting software. It then publishes stolen data online, with most of its posts appearing on Telegram. According to Microsoft, the group’s dedicated Telegram channel has more than 45,000 subscribers.
Unlike the established names in the extortion and ransomware space, or hacktivist collectives such as Anonymous with its Guy Fawkes masks, Lapsus$ is a relatively new entrant. It does not run a dedicated leak site; it announces victims on its own Telegram channels and even polls the channel about whose data to release next.
This approach looks amateurish, but it worked for the group for a while. Since the arrests of several members the channel has gone quiet: no new breaches have been announced, and the group has stopped claiming new intrusions. The techniques it relied on included SIM swapping and MFA fatigue, in which a user is bombarded with authentication push prompts until one is approved out of annoyance.
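MFA fatigue leaves a recognisable trace in identity-provider logs: a burst of denied or timed-out push prompts for one account, often followed by a single approval. The detector below is an added example, not code from the page or from any group it describes; the log format and the sample lines are constructed for illustration, and the ten-minute window and threshold of three rejected pushes are assumptions to tune against your own IdP.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not from any real IdP). The line format is an assumption:
# "<ISO timestamp> user=<name> event=mfa_push result=<approved|denied|timeout> ip=<addr>"
SAMPLE_LOG = """\
2022-03-20T02:14:05Z user=j.doe event=mfa_push result=denied ip=198.51.100.7
2022-03-20T02:14:41Z user=j.doe event=mfa_push result=denied ip=198.51.100.7
2022-03-20T02:15:20Z user=j.doe event=mfa_push result=timeout ip=198.51.100.7
2022-03-20T02:16:02Z user=j.doe event=mfa_push result=denied ip=198.51.100.7
2022-03-20T02:17:33Z user=j.doe event=mfa_push result=denied ip=198.51.100.7
2022-03-20T02:19:10Z user=j.doe event=mfa_push result=approved ip=198.51.100.7
2022-03-20T09:00:00Z user=a.smith event=mfa_push result=approved ip=203.0.113.9
2022-03-20T09:30:12Z user=a.smith event=mfa_push result=denied ip=203.0.113.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) event=mfa_push result=(?P<result>\S+) ip=(?P<ip>\S+)$"
)


def parse(log_text):
    """Parse log lines into (timestamp, user, result, ip) tuples, oldest first."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that are not push events
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["user"], m["result"], m["ip"]))
    events.sort()
    return events


def detect_mfa_fatigue(log_text, window=timedelta(minutes=10), threshold=3):
    """Return {user: alert} for every user with >= threshold denied/timed-out pushes
    inside `window`. An approval that lands inside the same window after the burst
    is flagged as approved_after_burst: the case where the victim finally gave in."""
    alerts = {}
    per_user = defaultdict(list)
    for ts, user, result, ip in parse(log_text):
        per_user[user].append((ts, result, ip))

    for user, evs in per_user.items():
        rejected = [ts for ts, r, _ in evs if r in ("denied", "timeout")]
        # Sliding window over the rejected pushes; stop at the first burst found.
        for i in range(len(rejected)):
            j = i
            while j + 1 < len(rejected) and rejected[j + 1] - rejected[i] <= window:
                j += 1
            count = j - i + 1
            if count < threshold:
                continue
            burst_start, burst_end = rejected[i], rejected[j]
            window_end = burst_start + window
            approved = [ts for ts, r, _ in evs
                        if r == "approved" and burst_end < ts <= window_end]
            alerts[user] = {
                "rejected_pushes": count,
                "burst_start": burst_start.isoformat(),
                "approved_after_burst": bool(approved),
                "source_ips": sorted({ip for ts, _, ip in evs
                                      if burst_start <= ts <= window_end}),
            }
            break
    return alerts


if __name__ == "__main__":
    for user, alert in detect_mfa_fatigue(SAMPLE_LOG).items():
        print(user, alert)
```

Run against the constructed log, only j.doe is flagged (five rejected pushes in under four minutes, then an approval), while a.smith's single denial is ignored. In production the "approved_after_burst" case is the one to page on: it means the account is very likely in the attacker's hands and the session should be revoked.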
Vx-underground
Vx-underground is a malware repository that collects and catalogues malicious code samples. It is a widely used resource for security researchers and analysts. It has also sparked ethical debate, with detractors arguing that it could unintentionally arm criminals by handing them a ready stock of working malware; others counter that studying real samples is essential to building and testing defenses.
Vx-underground’s popularity has grown in recent years on the strength of its sample collection and its active presence on Twitter and Telegram, where intrusions and hacking techniques are discussed. Alongside the repository, the site hosts a range of papers and write-ups on different aspects of malware and cybersecurity that serve both newcomers and seasoned professionals.
Vx-underground does not carry out intrusions; it reports on them. It was, for example, among the first to report that gaming giant Activision had been breached and that the stolen internal data included plans for upcoming content for its first-person shooter Call of Duty. It published screenshots of that data but not the stolen material itself.
The extortion groups whose leaks it tracks are a different matter. They attack large organizations in so-called “data extortion” attacks, stealing data and threatening to release it rather than deploying ransomware. They post about their attacks and share leaks through their Telegram accounts and publicly accessible Telegram channels, and they also offer support and advice to other malicious hackers through those channels.
Effex Media
Telegram is a popular messaging app that markets itself on privacy for its users. The company itself, however, is opaque: its server side is closed, it discloses little about its infrastructure or staff, and it has offered only limited transparency reporting despite repeated requests from governments.
The app is a hotbed for hacking, malware, and discussions of cybercrime. Its permissive moderation and the ease of creating pseudonymous accounts make it convenient for criminals and harder for law enforcement agencies to monitor. Cybercriminals create channels and groups on Telegram to run phishing, banking fraud, identity theft, and other high-risk operations.
Many hackers share information about data leaks and extortion schemes on Telegram. They sell compromised data or offer tutorials to other criminals, and in some cases have used Telegram itself to extort the companies they breached.
A prominent example is the APT34 dump. In 2019 a persona calling itself “Lab Dookhtegan” used a Telegram channel to leak tooling attributed to the Iranian group APT34 (also tracked as OilRig). The archive contained tool source code, details of the internal servers of the group’s targets, webshell URLs, and PowerShell payloads. Anyone holding that material could reuse the webshells and payloads against targets that were still compromised, which is why such leaks are read closely by defenders and opportunistic attackers alike.
Amazon Magic
A private group on Telegram called “Amazon Magic” is reportedly helping Amazon sellers who have been banned from the platform, according to CNBC. For a fee, a seller can pay a broker to get the account reinstated, have negative reviews removed, or obtain information on competitors. The group has around 13,000 members, features black-hat services advertised by its users, and reportedly includes rogue Amazon employees who sell confidential internal information to other sellers.
While malicious actors have traditionally used dark web forums to discuss and sell data leaks, many have turned to Telegram as a more user-friendly alternative. It is worth being precise about what the app offers: end-to-end encryption applies only to optional one-to-one “Secret Chats”, while ordinary chats, groups and channels are encrypted only between client and server and are readable on Telegram’s infrastructure. What attracts criminals is less the cryptography than the ease of signing up with nothing but a phone number, hiding that number, and reaching a large audience, all of which makes it harder for law enforcement agencies to attribute activity.
Despite its popularity among people seeking to avoid government surveillance, Telegram has had its own security problems. The app’s founder, Pavel Durov, had his phone number added in early 2018 to a list of people selected as potential targets by governments that were clients of the spyware vendor NSO Group; the list included both criminals and protesters confronting authoritarian regimes. Separately, a bug reported in a recent version of Telegram could have allowed attackers to monitor users’ activity and location.