Skip to main content

Amid rising concerns about Telegram’s security, the Kaspersky Digital Footprint Intelligence team analyzed shadow Telegram channels. Their findings reveal a troubling trend: cybercriminals are increasingly using Telegram as a platform for the underground market activities.

Cybercriminals actively operate channels and groups on Telegram dedicated to discussing fraud schemes, distributing leaked databases, and trading various criminal services, such as cashing out, forging documents, DDoS attacks as a service and more. According to Kaspersky’s Digital Footprint Intelligence data, the volume of such posts surged by 53% in May-June 2024 compared to the same period last year.

The growing interest in Telegram from the cybercriminal community is driven by several key factors. Firstly, this messenger is very popular in general – its audience has reached 900 million monthly users, according to Pavel Durov. Secondly, it is marketed as the most secure and independent messenger that does not collect any user data, giving threat actors a sense of security and impunity. Moreover, finding or creating a community on Telegram is relatively easy, which, combined with other factors, allows various channels, including cybercriminal ones, to gather an audience quickly,” explains Alexey Bannikov, analyst at Kaspersky Digital Footprint Intelligence.

READ MORE: National Assembly Endorses Telecom Appellate Tribunal Bill 2024: A Major Step in Digital Reform

Cybercriminals operating on Telegram generally demonstrate less technical sophistication and expertise compared to those found on more restricted and specialized dark web forums. This is due to the low entry barrier into the Telegram shadow community – someone with malicious purposes simply needs to create an account and subscribe to the criminal sources they can find as they are already part of this criminal community.

There is another trend: Telegram has emerged as a platform where various hacktivists make statements and express their views. Due to its extensive user base and rapid content distribution through Telegram channels, hacktivists find the platform a convenient tool to incite DDoS attacks and other disruptive methods against targeted infrastructures. Additionally, they can release stolen data from attacked organizations into the public domain using shadow channels”, notes Alexey Bannikov.

Kaspersky Digital Footprint Intelligence published a free comprehensive playbook to track shadow market activities and handle data-related incidents to help enterprises mitigate associated cyber risks.

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help over 220,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.