Friday, March 29, 2024

Hackers Now Switching to Telegram as a Secret Communication Medium for Underground Cybercrimes

Cyber Criminals begins switching Telegram for major underground communications for various cybercrimes and illegal operation since the Underground cybercrime marketplaces are continually taken down by Law enforcement.

The result of Worlds biggest Darknet marketplace AlphaBay and Hansa Taken down in last year July 2017, criminals switch the further trade and communication into a less convenient decentralized platform like Telegram.

AlphaBay Market Place was one of the well-known online darknet markets which operated on an onion service of the Tor networkIt was shut down after a law enforcement action as a part of Operation Bayonet against it.

AlphaBay took down created the biggest gap in underground crime market and the Existing marketplaces have failed to capitalize on the gaps.

A result of a seizure of AlphaBay and Hansa in Operation, vendors, and buyers who had trading with AlphaBay have looked for other platforms to continue their operation and illegal trading.

Also, former AlphaBay vendors quickly began advertising their products on other markets such as Hansa and Dream.

Also, there are new underground Marketplaces are rising due to demand for the services AlphaBay but the fact is, there are challenges with fostering trust amongst users, as well as hidden monthly running costs.

Alongside Well-known criminal sites, such as Joker‘s Stash, have adopted blockchain hosting. Another market using this decentralized technology, OpenBazaar, has experienced a growth of four thousand new users in the last four months

Rick Holland, CISO at Digital Shadows said:“Historically when popular marketplaces disappear, another leader emerges. The effects of law enforcement action are therefore relatively short-lived, becoming a game of ‘whack-a-mole’ where cybercriminals are always one step ahead. But this hasn’t happened in this case (for now) and instead they have dispersed to alternative platforms and techniques to transact online.”

Cybercriminals Shifted to Telegram

Cybercriminals have increasingly shifted towards peer-to-peer networks and chat channels such as Telegram.

Based on the last 6-month observation there are  5,000 Telegram links shared across criminal forums and darknet websites including h 1,667 were invite links to new groups.

Apart from this 743 invites observed across criminal forums and dark websites across the last six months. Telegram group chat is very convenient for cybercriminals and they adapt easily to make further communication and trading with extreme anonymity.

Often sellers will advertise their service or product on a particular forum, but rather
than communicate directly with sellers on the forum or through its private messaging service, buyers are encouraging interested parties to reach out to them directly on alternative chat networks and messaging platforms.

In this case, cyber criminals using The primary channels are Telegram, Discord, Skype, Jabber, and IRC.

Since the Bayonet operation is short living effort and since the buyers and sellers spread widely across an increasingly decentralized community, it will be more difficult for law enforcement.

Examples of Telegram channels used to buy and sell compromised accounts and payment cards

These Telegram channels used by sellers who post the advertisements of their products and services as they would normally do on a marketplace or forum. Buyers can then contact the seller directly in a private chat message and conduct the transaction using cryptocurrencies or electronic payment services.

Website

Latest articles

Beware Of Weaponized Air Force invitation PDF Targeting Indian Defense And Energy Sectors

EclecticIQ cybersecurity researchers have uncovered a cyberespionage operation dubbed "Operation FlightNight" targeting Indian government...

WarzoneRAT Returns Post FBI Seizure: Utilizing LNK & HTA File

The notorious WarzoneRAT malware has made a comeback, despite the FBI's recent efforts to...

Google Revealed Kernel Address Sanitizer To Harden Android Firmware And Beyond

Android devices are popular among hackers due to the platform’s extensive acceptance and open-source...

Compromised SaaS Supply Chain Apps: 97% of Organizations at Risk of Cyber Attacks

Businesses increasingly rely on Software as a Service (SaaS) applications to drive efficiency, innovation,...

IT and security Leaders Feel Ill-Equipped to Handle Emerging Threats: New Survey

A comprehensive survey conducted by Keeper Security, in partnership with TrendCandy Research, has shed...

How to Analyse .NET Malware? – Reverse Engineering Snake Keylogger

Utilizing sandbox analysis for behavioral, network, and process examination provides a foundation for reverse...

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles