Saturday, December 2, 2023

Hackers Now Switching to Telegram as a Secret Communication Medium for Underground Cybercrimes

Cyber Criminals begins switching Telegram for major underground communications for various cybercrimes and illegal operation since the Underground cybercrime marketplaces are continually taken down by Law enforcement.

The result of Worlds biggest Darknet marketplace AlphaBay and Hansa Taken down in last year July 2017, criminals switch the further trade and communication into a less convenient decentralized platform like Telegram.

AlphaBay Market Place was one of the well-known online darknet markets which operated on an onion service of the Tor networkIt was shut down after a law enforcement action as a part of Operation Bayonet against it.

AlphaBay took down created the biggest gap in underground crime market and the Existing marketplaces have failed to capitalize on the gaps.

A result of a seizure of AlphaBay and Hansa in Operation, vendors, and buyers who had trading with AlphaBay have looked for other platforms to continue their operation and illegal trading.

Also, former AlphaBay vendors quickly began advertising their products on other markets such as Hansa and Dream.

Also, there are new underground Marketplaces are rising due to demand for the services AlphaBay but the fact is, there are challenges with fostering trust amongst users, as well as hidden monthly running costs.

Alongside Well-known criminal sites, such as Joker‘s Stash, have adopted blockchain hosting. Another market using this decentralized technology, OpenBazaar, has experienced a growth of four thousand new users in the last four months

Rick Holland, CISO at Digital Shadows said:“Historically when popular marketplaces disappear, another leader emerges. The effects of law enforcement action are therefore relatively short-lived, becoming a game of ‘whack-a-mole’ where cybercriminals are always one step ahead. But this hasn’t happened in this case (for now) and instead they have dispersed to alternative platforms and techniques to transact online.”

Cybercriminals Shifted to Telegram

Cybercriminals have increasingly shifted towards peer-to-peer networks and chat channels such as Telegram.

Based on the last 6-month observation there are  5,000 Telegram links shared across criminal forums and darknet websites including h 1,667 were invite links to new groups.

Apart from this 743 invites observed across criminal forums and dark websites across the last six months. Telegram group chat is very convenient for cybercriminals and they adapt easily to make further communication and trading with extreme anonymity.

Often sellers will advertise their service or product on a particular forum, but rather
than communicate directly with sellers on the forum or through its private messaging service, buyers are encouraging interested parties to reach out to them directly on alternative chat networks and messaging platforms.

In this case, cyber criminals using The primary channels are Telegram, Discord, Skype, Jabber, and IRC.

Since the Bayonet operation is short living effort and since the buyers and sellers spread widely across an increasingly decentralized community, it will be more difficult for law enforcement.

Examples of Telegram channels used to buy and sell compromised accounts and payment cards

These Telegram channels used by sellers who post the advertisements of their products and services as they would normally do on a marketplace or forum. Buyers can then contact the seller directly in a private chat message and conduct the transaction using cryptocurrencies or electronic payment services.


Latest articles

Active Attacks Targeting Google Chrome & ownCloud Flaws: CISA Warns

The CISA announced two known exploited vulnerabilities active attacks targeting Google Chrome & own...

Cactus Ransomware Exploiting Qlik Sense code execution Vulnerability

A new Cactus Ransomware was exploited in the code execution vulnerability to Qlik Sense...

Hackers Bypass Antivirus with ScrubCrypt Tool to Install RedLine Malware

The ScrubCrypt obfuscation tool has been discovered to be utilized in attacks to disseminate the RedLine Stealer...

Hotel’s Hacked Logins Let Attacker Steal Guest Credit Cards

According to a recent report by Secureworks, a well-planned and advanced phishing attack was...

Critical Zoom Vulnerability Let Attackers Take Over Meetings

Zoom, the most widely used video conferencing platform has been discovered with a critical...

Hackers Using Weaponized Invoice to Deliver LUMMA Malware

Hackers use weaponized invoices to exploit trust in financial transactions, embedding malware or malicious...

US-Seized Crypto Currency Mixer Used by North Korean Lazarus Hackers

The U.S. Treasury Department sanctioned the famous cryptocurrency mixer Sinbad after it was claimed...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

API Attack Simulation Webinar

Live API Attack Simulation

In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked.The session will cover:an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway

Related Articles