Thursday, March 28, 2024

Hackers Now Switching to Telegram as a Secret Communication Medium for Underground Cybercrimes

Cyber Criminals begins switching Telegram for major underground communications for various cybercrimes and illegal operation since the Underground cybercrime marketplaces are continually taken down by Law enforcement.

The result of Worlds biggest Darknet marketplace AlphaBay and Hansa Taken down in last year July 2017, criminals switch the further trade and communication into a less convenient decentralized platform like Telegram.

AlphaBay Market Place was one of the well-known online darknet markets which operated on an onion service of the Tor networkIt was shut down after a law enforcement action as a part of Operation Bayonet against it.

AlphaBay took down created the biggest gap in underground crime market and the Existing marketplaces have failed to capitalize on the gaps.

A result of a seizure of AlphaBay and Hansa in Operation, vendors, and buyers who had trading with AlphaBay have looked for other platforms to continue their operation and illegal trading.

Also, former AlphaBay vendors quickly began advertising their products on other markets such as Hansa and Dream.

Also, there are new underground Marketplaces are rising due to demand for the services AlphaBay but the fact is, there are challenges with fostering trust amongst users, as well as hidden monthly running costs.

Alongside Well-known criminal sites, such as Joker‘s Stash, have adopted blockchain hosting. Another market using this decentralized technology, OpenBazaar, has experienced a growth of four thousand new users in the last four months

Rick Holland, CISO at Digital Shadows said:“Historically when popular marketplaces disappear, another leader emerges. The effects of law enforcement action are therefore relatively short-lived, becoming a game of ‘whack-a-mole’ where cybercriminals are always one step ahead. But this hasn’t happened in this case (for now) and instead they have dispersed to alternative platforms and techniques to transact online.”

Cybercriminals Shifted to Telegram

Cybercriminals have increasingly shifted towards peer-to-peer networks and chat channels such as Telegram.

Based on the last 6-month observation there are  5,000 Telegram links shared across criminal forums and darknet websites including h 1,667 were invite links to new groups.

Apart from this 743 invites observed across criminal forums and dark websites across the last six months. Telegram group chat is very convenient for cybercriminals and they adapt easily to make further communication and trading with extreme anonymity.

Often sellers will advertise their service or product on a particular forum, but rather
than communicate directly with sellers on the forum or through its private messaging service, buyers are encouraging interested parties to reach out to them directly on alternative chat networks and messaging platforms.

In this case, cyber criminals using The primary channels are Telegram, Discord, Skype, Jabber, and IRC.

Since the Bayonet operation is short living effort and since the buyers and sellers spread widely across an increasingly decentralized community, it will be more difficult for law enforcement.

Examples of Telegram channels used to buy and sell compromised accounts and payment cards

These Telegram channels used by sellers who post the advertisements of their products and services as they would normally do on a marketplace or forum. Buyers can then contact the seller directly in a private chat message and conduct the transaction using cryptocurrencies or electronic payment services.

Website

Latest articles

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles