Detailed information about the quality of the video (such as the resolution, e.g., 720p, 1080p, 4K) was also provided. Similar to other CACs, there were several sources for distributing the content. 34.6% of the posts had the media as an attached file that could be directly downloaded by the user. For 42.3% of the posts, the user would be directed to an external website where the content could either be streamed or downloaded.
While people might try to scrape dark web content and post it in WhatsApp groups, this problem is not as extreme as on Telegram. That’s because WhatsApp and Telegram have different attitudes toward privacy and anonymity, with the latter not willing to share data with ISPs and third parties if users have the “Secret Chats” option turned on in their settings. However, with millions of Telegram users posting terabytes of content each day, moderation is a herculean process.
Illicit Telegram Channels And Stolen Credentials
In July 2023, hackers used Telegram’s @sbi_data channel to expose the personal information of over 12,000 SBI employees, including names, addresses, contact numbers, PAN numbers, and photo IDs. The hackers posted stolen sensitive data on the platform, claiming to have exploited the company’s weak cybersecurity. According to the reports, the perpetrators then disseminated the stolen information through social media platforms, eventually putting it up for sale on dark web forums.

We discovered a Keybase “team account” that claims the group has 7 active members. A privacy researcher, Matt Brown of Brown Fine Security, found a number of vulnerabilities in Motorola Reaper HD license plate readers. The most glaring was that some devices were streaming live to the open internet for anyone to view, 404 Media reports.

In some cases this may be for free and in other cases the credentials may be purchased through automated mechanisms on specific channels. Primarily focused on DDoS attacks, Dark Storm Team follows an opportunistic targeting strategy across various sectors. In addition to its cyber operations, the group also promotes hacking services for hire through its Telegram channel, offering DDoS attacks on protected websites and database dumps from organizations such as banks and airports. The landscape of cybercrime has evolved dramatically, with hackers leveraging both dark web forums and illicit Telegram communities to facilitate their activities. These illicit communities also allow countless users to have more anonymity within a global community that allows them to share, trade, or make money selling services or exploits successfully. In addition to facilitating the purchase of fake engagement, 39 channels shared images that served as proof of successful service, likely to build trust among potential customers.
Telegram, unlike some other messaging apps, provides end-to-end encrypted chats when a user selects the “Secret Chats” option in their settings. The content inside channels and groups is then encrypted between Telegram and its server, meaning ISPs can’t access any data. That might sound cool if you’re sending messages to a loved one, but it also means that third parties can’t access illegal content—or do anything about it. Moderation practices on Telegram have been scrutinised for their effectiveness in addressing illegal content.
While Telegram remains a critical hub for cybercriminal activities, it is just one part of the larger dark web ecosystem where threat actors exchange stolen data, hacking tools, and illicit services. Organizations must have real-time visibility into these underground networks to prevent data breaches, financial fraud, and cyberattacks. While Telegram was once a safe haven for illicit activity, recent policy changes have forced many threat actors to reconsider their presence on the platform. In September 2024, Telegram introduced AI-based content moderation, making it more difficult for cybercriminals to share and access illegal materials. Many hacktivist and cybercriminal groups have since started migrating to alternative platforms, such as Signal, Discord, and decentralized messaging networks.
- Over time, numerous malicious groups have established Telegram-based cybercrime networks, leveraging the platform to distribute stolen data, organize hacking campaigns, and conduct dark web operations.
- In June 2024, the Qilin ransomware group targeted Synnovis, a laboratory services provider for National Health Service (NHS) hospitals in South-East London.
- The study, which is available as a preprint, also looked at bot activity, a common practice across groups that is used to moderate content and welcome users, among other things.
- In recent years, Telegram has become a popular messaging platform for both illicit and legitimate communication activities.
- However, the ever-growing popularity of Telegram caught a lot of attention, and many people from all over the world started joining Telegram.
☠️ ETHICAL HACKERS CHAT ☠️
The deep web on Telegram is an underworld of the Internet that hosts content not indexed by conventional search engines. On Telegram, there are channels dedicated to sharing links and resources related to the deep web. However, it is important to note that entering it carries significant risks and can expose us to cyber threats.
14 Channel Promotion And Migration
In Blackhat Resources channels, users frequently engage with the content by providing feedback on the effectiveness of various hacking tools. They share both positive and negative experiences, which helps other members make informed decisions about which tools to use. For instance, a user commented, “i was not able to download it before,” indicating a problem with a specific tool, while another might say, “Try method 1 or 3 I hope REMCOS working,” suggesting effective methods. This type of feedback serves as informal reviews and fosters a sense of community where members help each other solve problems. In contrast, Artificial Boosting channels focus more on mutual promotion and validation. Users share their social media links and ask others to follow or like their posts, as seen in comments like “Follow my Instagram” or “Pls like.” Here, the engagement is less about problem-solving and more about reciprocal actions to enhance social media presence.
Telegram offers users similar levels of privacy if they opt to create a “Secret Chat” which uses the same end-to-end encryption that those apps do. It means the activity inside a conversation is completely private and not even Telegram itself can view the contents. The hacker group Qilin, which held NHS hospitals to ransom earlier this summer, notably chose to publish stolen blood test data on its Telegram channel before its dark web website. The deepfake service used to create fake nudes of schoolgirls in Spain and South Korea also runs its full service, including payment, on Telegram. Besides having a very prominent presence on various dark web forums, the Daisy Cloud admin runs one of the most consistent log sharing groups on Telegram, uploading daily stealer logs for both free and premium buyers.
Beyond these websites, CACs also encouraged users to acquire services by contacting Telegram users or interacting with specific bots. Our data revealed 399 unique Telegram users and 515 unique bot accounts being promoted. While we did not engage directly with these user accounts, we conducted a brief analysis of the bots to understand the options they offered. The battle against piracy and the protection of copyright have become pivotal issues in the digital era.
DARKNET News
It uses encryption to provide anonymity to users, their activities, and hosted websites. While some may consider the dark web and the deep web to be synonyms, the deep web is actually a much broader web class that makes up the majority of the internet, yet isn’t public-facing (for example, found on most search websites) or indexed. Effectively navigating Telegram’s encrypted and fragmented landscape remains a serious challenge. Designed for cybersecurity teams, Lunar enables advanced threat detection, credential leakage monitoring, actor profiling, and tactical intelligence extraction—at scale and in real time. Uncover the threats that are relevant to you by leveraging Lunar’s continuous monitoring of the deep and dark web.
- One vendor offered a highly unique “revenge mail” service, sending a selection of different types of animal shit (horse, dog or cat) in a box to a name and address of your choosing for £20, although a cowpat costs a premium £25.
- Its approach to police requests to remove illegal content and pass on evidence is another criticism.
- This will enable us to anticipate and counter malicious activities across different cybercrime ecosystems.
- This visibility can attract the attention of law enforcement, but also allows illicit activities to reach a wider user base.
- This focus on personal OpSec underscores the challenges faced by cybersecurity professionals attempting to monitor and disrupt these activities.
Telegram’s Place In The Cybercriminal Ecosystem
The platform’s efforts to combat CSAM and other illicit activities fall short, with insufficient action taken against offending content. The debate surrounding Durov’s arrest has brought these issues into sharper focus, raising questions about the platform’s commitment to enforcing its policies and addressing the misuse of its features. Additionally, transparency and cooperation with law enforcement agencies also pose significant challenges. Telegram’s reluctance to provide user data and its limited response to legal requests complicate efforts to address illegal activities effectively [5].

For ethical reasons, we did not download or interact with the attached files or links. These reports were submitted through their respective vulnerability disclosure programs starting in the first week of April. These channels also share technical insights and resources that, while valuable for legitimate cybersecurity purposes, can be repurposed for malicious intents.

Thematic Analysis Of Replies
A document shared on Pastebin in early June confirmed the aliases of the possible members identified above, but also criticized the technical prowess of the group, claiming most of their attacks are basic SQL injection and cross-site scripting (XSS) attacks. The paste compared SiegedSec to Lulzsec, a high-profile cyber threat group in the early 2010s that similarly initially claimed to have conducted its attacks simply for the “lulz,” or laughs, and often mocked its victims for the security flaws it uncovered. The Lulzsec group comprised four young British hackers who infamously and successfully targeted the CIA, PBS, Westboro Baptist Church, and Sony, gaining significant digital notoriety and infamy.