Saturday, June 14, 2025
HomeComputer SecurityHackers Now Switching to Telegram as a Secret Communication Medium for ...

Hackers Now Switching to Telegram as a Secret Communication Medium for Underground Cybercrimes

Published on

SIEM as a Service

Follow Us on Google News

Cyber Criminals begins switching Telegram for major underground communications for various cybercrimes and illegal operation since the Underground cybercrime marketplaces are continually taken down by Law enforcement.

The result of Worlds biggest Darknet marketplace AlphaBay and Hansa Taken down in last year July 2017, criminals switch the further trade and communication into a less convenient decentralized platform like Telegram.

AlphaBay Market Place was one of the well-known online darknet markets which operated on an onion service of the Tor networkIt was shut down after a law enforcement action as a part of Operation Bayonet against it.

- Advertisement - Google News

AlphaBay took down created the biggest gap in underground crime market and the Existing marketplaces have failed to capitalize on the gaps.

A result of a seizure of AlphaBay and Hansa in Operation, vendors, and buyers who had trading with AlphaBay have looked for other platforms to continue their operation and illegal trading.

Also, former AlphaBay vendors quickly began advertising their products on other markets such as Hansa and Dream.

Also, there are new underground Marketplaces are rising due to demand for the services AlphaBay but the fact is, there are challenges with fostering trust amongst users, as well as hidden monthly running costs.

Alongside Well-known criminal sites, such as Joker‘s Stash, have adopted blockchain hosting. Another market using this decentralized technology, OpenBazaar, has experienced a growth of four thousand new users in the last four months

Rick Holland, CISO at Digital Shadows said:“Historically when popular marketplaces disappear, another leader emerges. The effects of law enforcement action are therefore relatively short-lived, becoming a game of ‘whack-a-mole’ where cybercriminals are always one step ahead. But this hasn’t happened in this case (for now) and instead they have dispersed to alternative platforms and techniques to transact online.”

Cybercriminals Shifted to Telegram

Cybercriminals have increasingly shifted towards peer-to-peer networks and chat channels such as Telegram.

Based on the last 6-month observation there are  5,000 Telegram links shared across criminal forums and darknet websites including h 1,667 were invite links to new groups.

Apart from this 743 invites observed across criminal forums and dark websites across the last six months. Telegram group chat is very convenient for cybercriminals and they adapt easily to make further communication and trading with extreme anonymity.

Often sellers will advertise their service or product on a particular forum, but rather
than communicate directly with sellers on the forum or through its private messaging service, buyers are encouraging interested parties to reach out to them directly on alternative chat networks and messaging platforms.

In this case, cyber criminals using The primary channels are Telegram, Discord, Skype, Jabber, and IRC.

Since the Bayonet operation is short living effort and since the buyers and sellers spread widely across an increasingly decentralized community, it will be more difficult for law enforcement.

Examples of Telegram channels used to buy and sell compromised accounts and payment cards

These Telegram channels used by sellers who post the advertisements of their products and services as they would normally do on a marketplace or forum. Buyers can then contact the seller directly in a private chat message and conduct the transaction using cryptocurrencies or electronic payment services.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Kali Linux 2025.2 Released: New Tools, Smartwatch and Car Hacking Added

Kali Linux, the preferred distribution for security professionals, has launched its second major release...

Arsen Launches AI-Powered Vishing Simulation to Help Organizations Combat Voice Phishing at Scale

Arsen, the cybersecurity startup known for defending organizations against social engineering threats, has announced...

NIST Releases New Guide – 19 Strategies for Building Zero Trust Architectures

The National Institute of Standards and Technology (NIST) has released groundbreaking guidance to help...

Spring Framework Flaw Enables Remote File Disclosure via “Content‑Disposition” Header

A medium-severity reflected file download (RFD) vulnerability (CVE-2025-41234) in VMware's Spring Framework has been...

Credential Abuse: 15-Min Attack Simulation

Credential Abuse Unmasked

Credential abuse is #1 attack vector in web and API breaches today (Verizon DBIR 2025). Join our live, 15-min attack simulation with Karthik Krishnamoorthy (CTO - Indusface) and Phani Deepak Akella (VP of Marketing - Indusface) to see hackers move from first probe to full account takeover.

Discussion points


Username & email enumeration – how a stray status-code reveals valid accounts.
Password spraying – low-and-slow guesses that evade basic lockouts.
Credential stuffing – lightning-fast reuse of breach combos at scale.
MFA / session-token bypass – sliding past second factors with stolen cookies.

More like this

Odoo Employee Database Allegedly Exposed and Put Up for Sale on Dark Web

A data breach has reportedly struck Odoo, a leading Belgian provider of open-source business...

U.S. Authorities Shut Down Major Dark Web Marketplace with 117,000 Users

In a blow to the cybercrime underworld, the U.S. Attorney’s Office for the Eastern...

Top Russian Dark Web Market Tools Drive Surge in Credential Theft Attacks

In a chilling revelation for cybersecurity professionals, the Russian Market has solidified its position...