Tuesday, April 22, 2025

Hackers Hijack Telegram Accounts via Default Voicemail Passwords


The Israeli Internet Association has issued a public warning about a surge in cyberattacks targeting Telegram accounts in Israel.

The campaign, traced to hackers in Bangladesh and Indonesia, exploits vulnerabilities in voicemail systems to hijack accounts and, in some cases, register new ones using phone numbers of individuals who have never used Telegram, including minors.

This wave of attacks appears to be part of a broader cyber campaign linked to recent incidents since the onset of the Iron Swords war.


While the exact motives remain unclear, experts speculate that the operation could aim to spread terror, manipulate public discourse, or pursue criminal objectives.

Exploiting Voicemail Vulnerabilities

The attackers leverage a common security flaw: many users fail to change their default voicemail PINs, which are often set to simple combinations like “1234.”

The attack begins when hackers initiate a Telegram login attempt on a victim’s account.

If the SMS verification option is bypassed, Telegram sends the verification code via voice call.

If the victim does not answer the call, the code is left as a voicemail message.

Hackers then remotely access the victim’s voicemail using the default PIN and retrieve the code, enabling them to log into the account.

In some cases, hackers place decoy calls from foreign or masked numbers, often using Bangladeshi dialing codes, to ensure that victims miss the verification call.

Once inside the account, attackers disconnect all devices linked to it, effectively locking out the original user.

The compromised accounts are then exploited for impersonation, phishing schemes, scams targeting contacts, or distribution of illegal content.

Persistent and Invasive Methods

Unlike typical WhatsApp attacks that rely on message chains, this campaign employs more invasive techniques by accessing users’ personal voicemail systems.

Yonatan Ben Hurin, director of Israel’s Safe Internet Help Line, described this method as particularly concerning due to Telegram’s design, which stores users’ entire chat history on their accounts.

Some victims reported that their profile pictures were changed to images of attractive Asian women after their accounts were hijacked, likely as part of phishing or extortion schemes.

According to the report, the use of fake female profiles is a known tactic in social engineering attacks.

To safeguard against these attacks, cybersecurity experts strongly advise disabling voicemail services altogether or changing default voicemail PINs to strong and unique passwords.
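The PIN advice above can also be enforced where voicemail PINs are set. The following is an added example, not code from the article or from any carrier: a check that rejects default-style PINs at change time. The minimum length, the default list, the reason codes and the sample numbers are all assumptions made for illustration.

```python
import re

# Assumed policy values for illustration; not taken from the article or any carrier.
MIN_LENGTH = 6
KNOWN_DEFAULTS = {"0000", "1111", "1234", "4321", "000000", "123456"}


def is_sequential(pin):
    """Digits step by +1 or -1 throughout, wrapping 9->0 (1234, 9876, 7890)."""
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    return steps in ({1}, {9})


def is_repeated_block(pin):
    """One block of 1-3 digits repeated to fill the PIN (7777, 1212, 123123)."""
    return re.fullmatch(r"([0-9]{1,3})\1+", pin) is not None


def pin_problems(pin, phone_number=""):
    """Return reason codes for rejecting a voicemail PIN; [] means acceptable."""
    if not re.fullmatch(r"[0-9]+", pin):
        return ["not_numeric"]
    problems = []
    if len(pin) < MIN_LENGTH:
        problems.append("too_short")
    if pin in KNOWN_DEFAULTS:
        problems.append("known_default")
    if is_sequential(pin):
        problems.append("sequential")
    if is_repeated_block(pin):
        problems.append("repeated_block")
    # A PIN copied from the subscriber's own number is guessable by any caller.
    if pin in re.sub(r"[^0-9]", "", phone_number):
        problems.append("matches_phone")
    return problems


def review_pin_changes(requests):
    """Map each number in a batch of PIN-change requests to its reason codes."""
    report = {}
    for number, pin in requests.items():
        problems = pin_problems(pin, number)
        if problems:
            report[number] = problems
    return report


# Constructed sample data: fictional numbers and PINs.
SAMPLE = {"+972-50-555-0142": "1234", "+972-50-555-0177": "550177",
          "+972-50-555-0188": "839204"}
```
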

Users should also activate Telegram’s two-step verification feature by navigating to Settings > Privacy and Security > Two-Step Verification.

This additional layer of security can prevent unauthorized access even if hackers obtain verification codes.

Furthermore, individuals who notice suspicious activity, such as alerts about email changes or logins from unknown devices, should act immediately by removing unfamiliar email addresses in Telegram settings and terminating unauthorized sessions via Settings > Devices > Terminate All Other Sessions.

For users locked out of their accounts, Telegram offers a one-week waiting period for email reset requests.

Alternatively, those subscribed to Telegram Premium can recover their accounts instantly through SMS verification.

The Israeli Internet Association highlighted that this campaign demonstrates persistence and sophistication in its approach.

Reports of such incidents have surged in recent weeks, prompting Tuesday’s public alert.

Given Israel’s history of cyber incidents originating from Bangladesh and Indonesia during geopolitical conflicts, these attacks underscore the importance of robust cybersecurity measures.

While authorities continue to investigate whether these operations are terror-related or criminally motivated, individuals are urged to remain vigilant and adopt best practices for securing their digital accounts.


Aman Mishra
Aman Mishra is a security and privacy reporter covering data breaches, cybercrime, malware, and vulnerabilities.
