In recent years the rise of illicit activities conducted within online messaging platforms has become a growing concern for countless industries. One of the most notable platforms that has been host to many malicious actors and nefarious activities has been Telegram. Thanks to its accessibility, popularity, and user anonymity, Telegram has attracted a large number of threat actors driven by criminal purposes.
Many of the cybercriminals that have moved operations into illicit telegram channels in order to expand their reach and exploits to wider audiences. As a result, many of these illicit Telegram networks have negatively impacted many industries in relation to the increase of cyberattacks and data leaks that have occurred across the globe.
While any industry can be affected by the cybercriminals operating on Telegram, there are several industries that are more significantly impacted by these illicit activities. In this post, we’ll cover several of the common illicit activities found on Telegram, top industries impacted by them, and methods to minimize their impact on organizations.
Common Illicit Activities Found on Telegram
The increased popularity of Telegram has allowed individuals to connect and communicate globally. However, with that popularity has already increased the illicit channels and communities shared within Telegram. Within many of the illicit channels on Telegram there is often a variety of buying, selling, and trading of stolen credentials, data, and goods. However, there are some illicit activities that are more prevalent than others. The following are some of the more common types of illicit activities observed on Telegram channels.
- Carding – this type of illegal activity is one of the most prevalent on Telegram. It involves stealing credit card information through methods like phishing, skimming, and data breaches. This information is then sold on Telegram channels for a fee. The advantage for criminals to use this method is due the popularity and accessibility of the app. It also allows them to collaborate and share tools, which can increase profitability by sharing across multiple illicit channels.
- Bank Account Logins (bank logs) – this variety of cybercrime activity involves selling stolen bank account details on Telegram. It can be appealing to criminals due to high payouts and low risk of being caught by law enforcement. The stolen data can come from phishing attacks or data breaches. Often it can also include logins for other digital payment apps and online services like streaming platforms.
- Botnets – this type of malicious activity found in illicit Telegram channels often involve networks of compromised devices controlled by a centralized server and used for various illegal purposes. Botnets are appealing to share in illicit Telegram groups due to their anonymity and increased reach of more users to market to in the channels. These botnets can be sold to other criminals on illicit Telegram channels to increase their attack vectors.
- User Data Lists (Combolists) – combolists are collections of user information such as email addresses, usernames, passwords, security questions and answers, and API keys that have been acquired from data leaks or phishing attacks. Commonly combolists are used for credential stuffing and account takeover attacks. They also can be shared, traded, or sold on Telegram for cryptocurrency. The advantage of these is that it allows for large data sets for bulk distribution, widespread unauthorized access capabilities for more attacks, and high return on the investment of the illicit purchase or trade.
- Stealer Logs – these types of illicit activities found on Telegram include data logs containing stolen information like passwords, usernames, credentials, and credit card numbers. Unlike combolists, these logs are collected via malware disruption from infected devices and sold to other criminals for their own attacks.
Threat actor promotes selling bank logs from different banks on Telegram |
Malicious actor sells multiple combo lists on Telegram |
Top 3 Industries Impacted by Illicit Telegram Groups
Telegram has gained significantly in popularity over the past few years. While many legitimate groups use the platform for legitimate purposes, there is also a criminal side to the platform. Many illicit Telegram groups observed have emerged as a breeding ground for illegal activities. These activities have had a significant impact on various industries globally. While any industry can be impacted by the illicit criminal activities found on Telegram, there are three major industries that are more regularly affected by illicit Telegram groups.
The Financial Sector
One of the largest industries regularly impacted by illicit Telegram groups is the financial sector. The financial sector can consist of banks, investment firms, digital and cryptocurrencies, along with other financial institutions. Many financial organizations are among some of the hardest-hit by malicious Telegram groups. These groups have become a hub for sharing sensitive personal information and organizing fraudulent schemes against consumers and organizations.
Additionally, many of the illicit Telegram observed often will allow for the buying, selling, and trading of bank logs, stealer logs, user credentials, and credit card information similar to what can also be found on dark web marketplaces. Often these channels allow threat actors to run these operations covertly, making it challenging for regulatory entities to trace and control illegal activities.
Cybercriminals operating in these groups also commonly require buying and selling with the exchange of cryptocurrencies, further impacting digital currencies and their legitimacy. The rise of these types of groups poses a serious threat to the financial sector by increasing the likelihood of fraud deriving from illicit Telegram channels more regularly.
Retail & E-Commerce Industries
In addition to the financial sector, another industry that is heavily impacted by illicit Telegram activities is the retail and e-commerce industry. Many of the illicit Telegram activities observed have had a significant impact on the retail and e-commerce industry by posing numerous challenges for businesses operating in these sectors. Some of the illegal activities cybercriminals conduct against this industry include the sale of counterfeit goods, stolen merchandise, phishing, domain hijacking, and conducting financial fraud schemes targeted at the industry.
Additionally, the proliferation of illicit Telegram groups has also facilitated the exchange of sensitive customer data, such as personal information as well as financial and account credentials. It has led to an increase in cyber fraud and identity theft.
Malicious actor advertises how to scam several large retailers globally |
Retailers and e-commerce companies are now faced with the challenge of implementing robust security measures to safeguard their customers’ data and ensure secure transactions. Which is especially the case given that the financial sector has decreased their support for the industry in terms of fraudulent purchases and transactions.
The need for constant monitoring and takedown of illegal Telegram channels has strained resources and time for these businesses, diverting their attention from core operations and hindering their ability to focus on growth and innovation. As the e-commerce landscape continues to expand, finding effective solutions to counteract illicit Telegram activities is becoming a top priority for retailers and online vendors to maintain a safe and trustworthy environment for their customers.
Information Technology Sectors
The information technology sector often can intersect with a multitude of other industries. However, it is one of the top industries that sees the impact of many of the malicious activities that derive from illicit Telegram networks. Illicit Telegram channels have been observed to have multifaceted impacts on the information technology sector. This is given that the threat landscape becomes more challenging to navigate as criminals exploit organizations through illicit Telegram networks. These illicit channels on Telegram have allowed criminals to coordinate cyberattacks, distribute malware, and share hacking tools among each other.
The challenges that have come out of illicit Telegram groups have forced this sector to continually strengthen its defenses to thwart these threats. These threats have included:
- Investing significant resources in advanced security measures
- Threat intelligence
- Incident response capabilities in efforts to mitigate security challenges for countless organizations
For instance, high-profile data breaches originating from illicit Telegram channels can erode public trust in IT companies and services, leading to reputational damage and potential customer loss. As a result, businesses in the IT sector must remain vigilant and adaptive to stay ahead of evolving criminal tactics and safeguard their assets and the sensitive data of their clients.
Methods to Help Minimize the Impact of Illicit Telegram Activities
Telegram has become a popular messaging platform for users to communicate and connect with others globally. While the application does provide some secure message and anonymity of users, it has been observed to also be used often for illicit activities. With the increase of cybercrime activities that can be found within illicit Telegram channels it’s important for organizations, especially those within more heavily impacted industries, to take proactive measures to minimize the impact of these malicious activities. Here are a few methods and steps that organizations can take to help lessen the impact of illicit Telegram activity:
1. Strengthen your identity and access management policies and processes to prevent unauthorized access to internal systems.
2. Consider investing in quality endpoint security protection to ensure your networks, devices, and operating systems are protected from intrusion.
3. Employ to use an in-house or external threat intelligence provider that can support features such as dark web and Telegram monitoring.
4. Enhance your internal verification systems and processes to ensure that employees are required to use multi-factor authentication and verification to prevent unauthorized access.
5. Provide quality education and awareness to all of your employees to ensure they can spot suspicious activity and understand the negative impact it could have on the company.
6. Ensure that networks, devices, and systems are kept up to date with regular security updates and patches in the event of exploits from impacting the company.
Monitor Telegram with Flare
Flare automatically detects company-specific threats across the clear & dark web and illicit Telegram channels, integrates into your security program in 30 minutes, and provides advanced notice of potential high-risk exposure in a single, easy-to-use SaaS platform.
We identify high-risk vectors that could enable threat actors to access your environment and provide continuous monitoring for infected devices, ransomware exposure, public GitHub secrets leaks, leaked credentials, and more.
Sign up for a free trial to learn more about protecting your organization.