Amid rising concerns about Telegram’s security, a recent analysis by the Kaspersky Digital Footprint Intelligence team has revealed a troubling trend. Cybercriminals are increasingly using Telegram as a platform for underground market activities. The analysis of shadow Telegram channels shows that these criminals are actively operating channels and groups dedicated to discussing fraud schemes, distributing leaked databases, and trading various criminal services such as cashing out, forging documents, and DDoS attacks as a service.
According to Kaspersky’s data, the volume of such posts surged by 53% in May-June 2024 compared to the same period last year. This significant increase underscores the growing attraction of Telegram for cybercriminal activities.
The growing interest in Telegram from the cybercriminal community is driven by several key factors. Firstly, Telegram’s popularity is a major draw, with the platform boasting 900 million monthly users, according to its founder, Pavel Durov. Secondly, Telegram is marketed as a highly secure and independent messenger that does not collect user data, providing threat actors a sense of security and impunity. Moreover, the ease of finding or creating communities on Telegram allows various channels, including criminal ones, to quickly gather an audience.
Cybercriminals operating on Telegram generally demonstrate less technical sophistication and expertise compared to those on more restricted and specialized dark web forums. The low entry barrier into Telegram’s shadow community means that individuals with malicious intentions only need to create an account and subscribe to criminal sources they find. Furthermore, Telegram lacks a reputation system similar to those on dark web forums, leading to a prevalence of scammers who deceive their fellow community members.
Another emerging trend is the use of Telegram by hacktivists to make statements and express their views. Due to its extensive user base and rapid content distribution through Telegram channels, hacktivists find the platform a convenient tool to incite DDoS attacks and other disruptive methods against targeted infrastructures. They can also release stolen data from attacked organizations into the public domain using shadow channels.
To help enterprises mitigate the associated cyber risks, Kaspersky Digital Footprint Intelligence has published a free comprehensive playbook for tracking shadow market activities and handling data-related incidents. This playbook aims to provide enterprises with the necessary tools to address and manage the growing threats posed by cybercriminal activities on Telegram.