Hackers Now Switching to Telegram as a Secret Communication Medium for Underground Cybercrimes

Cyber Criminals begins switching Telegram for major underground communications for various cybercrimes and illegal operation since the Underground cybercrime marketplaces are continually taken down by Law enforcement.

The result of Worlds biggest Darknet marketplace AlphaBay and Hansa Taken down in last year July 2017, criminals switch the further trade and communication into a less convenient decentralized platform like Telegram.

AlphaBay Market Place was one of the well-known online darknet markets which operated on an onion service of the Tor network. It was shut down after a law enforcement action as a part of Operation Bayonet against it.

AlphaBay took down created the biggest gap in underground crime market and the Existing marketplaces have failed to capitalize on the gaps.

A result of a seizure of AlphaBay and Hansa in Operation, vendors, and buyers who had trading with AlphaBay have looked for other platforms to continue their operation and illegal trading.

Also, former AlphaBay vendors quickly began advertising their products on other markets such as Hansa and Dream.

Also, there are new underground Marketplaces are rising due to demand for the services AlphaBay but the fact is, there are challenges with fostering trust amongst users, as well as hidden monthly running costs.

Alongside Well-known criminal sites, such as Joker‘s Stash, have adopted blockchain hosting. Another market using this decentralized technology, OpenBazaar, has experienced a growth of four thousand new users in the last four months

Rick Holland, CISO at Digital Shadows said:“Historically when popular marketplaces disappear, another leader emerges. The effects of law enforcement action are therefore relatively short-lived, becoming a game of ‘whack-a-mole’ where cybercriminals are always one step ahead. But this hasn’t happened in this case (for now) and instead they have dispersed to alternative platforms and techniques to transact online.”

Cybercriminals Shifted to Telegram

Cybercriminals have increasingly shifted towards peer-to-peer networks and chat channels such as Telegram.

Based on the last 6-month observation there are  5,000 Telegram links shared across criminal forums and darknet websites including h 1,667 were invite links to new groups.

Apart from this 743 invites observed across criminal forums and dark websites across the last six months. Telegram group chat is very convenient for cybercriminals and they adapt easily to make further communication and trading with extreme anonymity.

Often sellers will advertise their service or product on a particular forum, but rather
than communicate directly with sellers on the forum or through its private messaging service, buyers are encouraging interested parties to reach out to them directly on alternative chat networks and messaging platforms.

In this case, cyber criminals using The primary channels are Telegram, Discord, Skype, Jabber, and IRC.

Since the Bayonet operation is short living effort and since the buyers and sellers spread widely across an increasingly decentralized community, it will be more difficult for law enforcement.

These Telegram channels used by sellers who post the advertisements of their products and services as they would normally do on a marketplace or forum. Buyers can then contact the seller directly in a private chat message and conduct the transaction using cryptocurrencies or electronic payment services.