Hacker groups and individual cybercriminals are seemingly choosing Telegram as a new alternative to dark web platforms.
According to findings made by cybersecurity experts, it turns out that sensitive data belonging to millions of users have already been shared on groups and Telegram channels that host thousands of people.
Researchers have reported that these hackers are taking advantage of Telegram features to leak as well as to host discussions about large data dumps that can potentially place a large number of victims in direct contact with hacking, cyber-attacks, and social-engineered fraud.
Further reports have shed light on the existence of a thriving illicit marketplace on Telegram where large categories of information were catalogued, including fake coronavirus vaccines, personally identifiable information (PII), stolen identities and malicious software.
Researchers managed to gain special access in witnessing actual illicit trade that occurs between various users and threat actors on Telegram. They came across hackers sharing large amounts of data across Telegram channels with more than 10,000 members. The same actors went on to discuss how the leaked data would be best employed in cyberattacks.
At this point, a lot of speculation has risen over the cybercriminal preference for Telegram over dark web markets. A quick analysis of past cybercriminal cases reveals the long-time monopoly that the darknet ecosystem has enjoyed within underground communities.
It turns out that a number of threat actors are shifting to Telegram to harness the long list of benefits that include privacy protection of users. This reality exists within the context of a lower entry barrier in contrast to the hidden web, and the fact that Telegram’s history of DDoS attacks does not match that of the much-prone dark web.
In addition, Telegram has not suffered the degree of law enforcement spotlight as that of the dark web. This aspect has attracted cybercriminal interest among threat actors that are looking to operate within the beck alleys of the internet.
The same reason reflects on the preference by relatively tech-disadvantaged cybercriminals that find dark web application to be too complex for their liking. Telegram seems to offer the best of both worlds.
A Host of Other Illicit Applications
Cybersecurity experts insist that Telegram’s preference by cybercriminals must not go unchecked. A large number of past law enforcement activities have linked dark web-style criminal activities to Telegram corridors.
According to a recent report by NortonLifeLock, the black market community has been using Telegram as the go-to platform to conduct illicit commerce amid the COVID-19 pandemic. The list of items on sale range from coronavirus vaccines to drugs such as Remdesivir that are being sold peddled across various channels in spite of the looming global shortage.
The analysis by the global leader in consumer cyber safety went on to highlight the legitimate applications of Telegram, which mirror that of the dark web. It turns out that Telegram is among the apps that are being used by political dissidents to operate under the radar of authoritarian regimes – it has been used to organize pro-democracy protests in Hong Kong.
Telegram has also been used by criminals to perpetrate more serious crimes of modern slavery and child sex abuse. The shocking Nth Room scandal in South Korea affected about 74 underage victims who were forced to upload explicit materials of themselves into Telegram chatrooms. About 260,000 Telegram users accessed the chatrooms and paid for the child sex abuse material using cryptocurrency.
Additionally, in 2020, the Indian Central Bureau of Investigation (CBI) apprehended a man that has reportedly created 20 groups on Telegram, two of which were intended for the purpose of distributing and selling child sex abuse material to online users.