FBI says Iranian hackers are utilizing Telegram to steal knowledge in malware assaults

Iranian authorities hackers are utilizing Telegram as a technique to steal knowledge from hacked dissidents, opposition teams, and journalists who oppose the regime around the globe, in keeping with an FBI alert revealed on Friday.  

Within the first stage of the assault, the hackers contact their targets and fake to be a recognized contact or tech assist, and are tricked into accepting a hyperlink to a malicious file masquerading as authentic apps, akin to Telegram and WhatsApp. As soon as the goal installs the malware, the second stage of the assault connects the contaminated sufferer with Telegram bots that permit the hackers to remotely command and management the sufferer’s laptop. This permits the hackers to achieve distant management of the victims’ units to steal information, take screenshots, and report Zoom calls, in keeping with the FBI. 

Utilizing Telegram as a technique to remotely management a sufferer’s gadget is a typical approach by hackers to cover malicious exercise amongst authentic community site visitors, which makes it more durable for cybersecurity defenders and anti-malware merchandise to determine.

In line with the FBI, the hackers chargeable for these assaults are allegedly working for Iran’s Ministry of Intelligence and Safety (MOIS). The FBI stated these assaults are an instance of Iranian authorities hackers’ makes an attempt to push the regime’s “geopolitical agenda.”

Within the alert, the FBI talked about the pro-Iranian and pro-Palestine faux hacktivist group Handala, though it’s not clear if the assaults referenced within the alert have been carried out by this group. 

Earlier this month, Handala claimed accountability for an assault on medical tech big Stryker, which resulted within the wiping tens of 1000’s of worker units.

In an 8-Okay submitting with the U.S. Securities and Alternate Fee on Monday, Stryker stated it’s nonetheless recovering from the hack.

Final week, the U.S. Justice Division accused Handala of being a entrance for Iran’s authorities, particularly the MOIS, and for being behind the Stryker hack. On the similar time, the FBI took down and seized two web sites linked to Handala, and two different websites linked to a different Iranian hacktivist group referred to as “Homeland Justice.” Within the latest FBI alert, the bureau stated the 2 teams are linked and managed by the MOIS. 

The FBI didn’t reply to a request to supply extra data. Telegram additionally didn’t reply to a request for remark.