Written by Cyber Threat Intelligence Unit on 30 March 2023

The Rise of Threat Actors on Telegram: A New Era?

The Dark Web, once a haven for anonymous internet surfing and protecting users' privacy and identity, has seen a decline in its use by threat actors. Its original purpose was to help journalists protect the sources of their information, and the WikiLeaks scandal in 2007 further increased its appeal to those who wanted to exchange data anonymously.

The term "Dark Web" stems from the disturbing and dangerous content on its servers.

While I2P is one of the technologies used by the Dark Web, it's primarily based on TOR. TOR allows encrypted communication from point to point, using three gateways, each with different encryption keys for their incoming and outgoing traffic, making it difficult to intercept the data.

In the early days, journalists and sources were the primary users of the Dark Web, but it quickly became a hotbed for threat actors to exchange data and conduct transactions. However, the Dark Web has since become less popular for such activities.

One of the main reasons for this shift is the ease with which threat actors can now create their own websites. Previously, creating a TOR ".onion" gateway for a website required a certain level of technical expertise and time. However, building a website with modern technology has become significantly more accessible and cheaper. Developing a reliable security operations (SecOps) strategy to protect the website from DDoS attacks and bot scripts, with hardened code and hardware, is costly and time-consuming.

Authorities have become more proficient at quickly identifying and shutting down .onion gateways, which has also played a role in the decline of the Dark Web's popularity among threat actors.

As a result, threat actors have started to use other platforms to conduct their activities, and Telegram has emerged as a favorite. Telegram is an open-source instant messaging application available on almost every platform. It was created in 2013 by two Russian brothers who wanted to ensure the FSB wasn't monitoring their conversations. Criminals need to monetize their work, meaning they need to have a safe space to exchange information, even with those with low technical skills: Telegram offers such a space, making it a popular choice among threat actors.

While Telegram is not the only platform threat actors are using, it's becoming one of the major ones. The number of "specialized" channels, including hacker groups and marketplaces, has grown significantly over the past year. The list of channels offering logs, DDoS, malware, and more now numbers close to 250. We'll likely see threat actors shifting to platforms like Telegram in the coming months.

As threat actors evolve their methods and tactics, it's more important than ever for individuals and businesses to take the necessary steps to protect themselves from these threats.

At Hitachi Systems Security, we offer comprehensive cybersecurity solutions designed to safeguard your sensitive data and protect your business from cyber attacks.

Contact us today to learn more.


Screenshot of Telegram channels used by cybercriminals to sell data
